Abstract. Many different systems with explicit substitutions have been proposed to implement a large class of higher-order languages. Motivations and challenges that guided the development of such calculi in functional frameworks are surveyed in the first part of this paper. Then, very simple technology in named variable-style notation is used to establish a theory of explicit substitutions for the lambda-calculus which enjoys a whole set of useful properties such as full composition, simulation of one-step beta-reduction, preservation of beta-strong normalisation, strong normalisation of typed terms and confluence on metaterms. Normalisation of related calculi is also discussed.



1. Introduction 

This paper is about explicit substitutions (ES), a formalism that - by decomposing the implicit substitution operation into more atomic steps - allows a better understanding of the execution models of higher-order languages.

Indeed, higher-order substitution is a meta-level operation used in higher-order languages (such as functional, logic, concurrent and object-oriented programming), while ES is an object-level notion internalised and handled by symbols and reduction rules belonging to their own worlds. However, the two formalisms are still very close; this can be easily seen for example in the case of the λ-calculus, whose sole reduction rule is given by (λx.t) v →β t{x/v}, where the operation t{x/v} denotes the result of substituting all the free occurrences of x in t by v, a notion that can be formally defined modulo α-conversion as follows:

x{x/v} := v
y{x/v} := y                              if x ≠ y
(u1 u2){x/v} := u1{x/v} u2{x/v}
(λy.u){x/v} := λy.u{x/v}
The simplest way to specify a λ-calculus with ES is to incorporate substitution operators into the language, then to transform the equalities of the previous specification into a set of reduction rules (so that one still works modulo α-conversion). The following reduction system, known as λx [Lin86, Lin92, Ros92, BR95], is thus obtained.

(λx.t) v → t[x/v]
x[x/v] → v
y[x/v] → y                               if x ≠ y
(u1 u2)[x/v] → u1[x/v] u2[x/v]
(λy.u)[x/v] → λy.u[x/v]

The λx-calculus corresponds to the minimal behaviour¹ that can be found among the calculi with ES appearing in the literature (equivalent minimal behaviours can be found, for example, in [Cur91, BBLRD96, KR97]). However, when using this simple operational semantics, outermost substitutions must always be delayed until the total execution of all the innermost substitutions appearing in the same environment. Thus for example, the propagation of the outermost substitution [x/v] in the term (zyx)[y/xx][x/v] must be delayed until [y/xx] is first executed on zyx.

This restriction can be lifted by the use of more sophisticated interactions, known as composition of substitutions, which allow in particular the propagation of substitutions through other substitutions. Thus for example, (zyx)[y/xx][x/v] can be reduced to (zyx)[x/v][y/(xx)[x/v]], which can be further reduced to (zyv)[y/vv], a term equal to (zyx)[y/xx]{x/v}, where {x/v} is the meta/implicit substitution that the explicit substitution [x/v] is supposed to implement.

In the last twenty years there has been a growing interest in λ-calculi with ES. They can be defined either with unary [Ros92, LRD94] or n-ary [ACCL91, HL89] substitutions, by using de Bruijn notation [dB72, dB78], or levels [LRD95], or nominal logic [GP99], or combinators [GL99], or director strings [SFM03], or ... simply by named variables as in the λx-calculus. Besides different notations, a calculus with ES can also be seen as a term notation for a logical system where the reduction rules behave like cut elimination transformations [Her94, PU07, KL05].

Composition rules for ES first appeared in λσ [ACCL91]. They turn out to be necessary to get confluence on open terms [HL89] in calculi implementing higher-order unification [DHK00] or functional abstract machines [LM99, HMP96]. They also guarantee a simple property, called full composition, that calculi without composition do not enjoy: any term of the form t[x/u] can be reduced to t{x/u}; in other words, explicit substitution implements the implicit one. Indeed, taking again the previous example, (zyx)[y/xx][x/v] reduces to (zyx)[y/xx]{x/v} = (zyv)[y/vv]. Many calculi such as λσ, λσ⇑ [HL89], λsub [Mil06], λlxr [KL05, KL07] and λes [Kes07] enjoy full composition.

In any case, all these calculi were introduced as a bridge between formal higher-order calculi and their concrete implementations. However, implementing an atomic substitution operation by several elementary explicit steps comes at a price. Indeed, while the λ-calculus is perfectly orthogonal (in particular it does not have critical pairs), calculi with ES such as λx suffer at least from the following well-known diverging example:

t[y/v][x/u[y/v]]   *←   ((λx.t) u)[y/v]   →   t[x/u][y/v]

Different solutions were adopted in the literature to close this diagram. If no new rewriting rule is added to those of the minimal λx-calculus, then reduction turns out to be confluent on terms but not on metaterms (terms with metavariables used to represent incomplete programs and proofs). If liberal rules for composition are considered, as in λσ, λσ⇑, or λsg [KR97], then one recovers confluence on metaterms but loses preservation of β-strong normalisation (PSN) as not all the β-strongly normalising terms remain normalising in the corresponding ES version. This phenomenon, known as Melliès' counter-example [Mel95] (see also [BG99] for later counterexamples in named calculi), shows a flaw in the design of ES calculi since they are supposed to implement their underlying calculus (in our case the λ-calculus) without losing its good properties.

¹ Some presentations replace the rule y[x/u] → y by the more general one t[x/u] → t if x ∉ fv(t).

There are many ways to avoid Melliès' counter-example in order to recover the PSN property. One can forbid the substitution operators to cross λ-abstractions or avoid composition of substitutions. One can also impose a simple strategy on the calculus with ES to mimic exactly the calculus without ES. The first solution leads to weak lambda calculi [LM99, For02], not able to express strong beta-equality (used for example in implementations of proof-assistants). The second solution [BBLRD96] is drastic when composition of substitutions is needed for implementations of HO unification [DHK00] or functional abstract machines [LM99, HMP96]. The last one does not take advantage of the notion of ES because substitutions can then be neither composed nor even delayed.

Fortunately, confluence on metaterms and preservation of β-strong normalisation can live together; this is for example the case of λws [DG99, DG01] and λlxr, which both introduce a controlled notion of composition for substitutions. The syntax of λws is based on terms with explicit weakening constructors. Its operational semantics reveals [DCKP00] a natural understanding of ES in terms of Linear Logic's proof-nets [Gir87], which are a geometrical representation of linear logic sequent proofs that incorporate a clear mechanism to control weakening and contraction. Weakening, viewed as erasure, and contraction, viewed as duplication, are precisely the starting points of the λlxr-calculus, whose syntax is obtained by incorporating these new operators into the λ-terms. The reduction system of λlxr contains 6 equations and 19 rewriting rules, thus requiring a large number of cases when developing some combinatorial reasoning. This is notably discouraging when one needs to check properties by cases on the reduction step; a reason why confluence on metaterms for λlxr is only conjectured but not yet proved. Also, whereas λlxr gives evidence that explicit weakening and contraction are sufficient to verify all the properties expected from a calculus with ES, there is no justified reason to think that they are also necessary.

We choose here to use simple syntax in named variable notation style to define a formalism with full and safe composition that we call the λex-calculus. Thus, we dissociate the operational semantics of the calculus from all the renaming details that are necessary to specify higher-order substitution on terms that are implemented by non-trivial technologies such as de Bruijn indices or nominal notation. Even if our choice implies the use of α-equivalence, we think that this presentation is more appropriate to focus on the fundamental (operational) properties of full and safe composition. It is now perfectly well understood in the literature how to translate terms with named variables into other notations, so that we expect these translations to be able to preserve all the properties of the λex-calculus.

The λex-calculus is obtained by extending λx with one rewriting rule to specify composition of dependent substitutions and one equation to specify commutation of independent substitutions. This will turn out to be essential to obtain a safe notion of full composition which no longer needs the complex manipulation of explicit operators for contraction and weakening used in λlxr to guarantee PSN. The substitutions of λex are defined by means of unary constructors but have the same expressive power as n-ary substitutions. Indeed, while simultaneous substitutions are specified by lists (given by n-ary substitutions) in λσ, they are modelled by sets (given by commutation of independent unary substitutions) in λex.

We thus achieve the definition of a concise language which is easy to understand and which enjoys a useful set of properties: confluence on metaterms (and thus on terms), simulation of one-step β-reduction, full composition, preservation of β-strong normalisation and strong normalisation of typed terms (SN).

Most of the available SN proofs for calculi with composition are not really first-hand: either one simulates reduction by means of another well-founded relation, or SN is deduced from a sufficient property, as for example PSN. Proofs using the first technique are for example those for λws in [DCKP03] and λlxr [KL07], based on the well-foundedness of the reduction relation for multiplicative exponential linear logic (MELL) proof-nets [Gir87]. An example of SN proof using the second technique is that for λes, where PSN is obtained by two consecutive translations, one from λes into a calculus with ES and weakening, the second one from this intermediate calculus into Church-Klop's λI-calculus [Klo80]. In both cases the resulting proofs are long, particularly because they make use of normalisation properties of other (related) calculi.

It is then desirable to provide more direct arguments to prove normalisation properties of full and safe composition, thus avoiding unnecessary detours through other complex theories. And this becomes even necessary when one realises that normalisation of a calculus which allows duplication of void substitutions, such as λex, cannot be understood in terms of calculi like MELL proof-nets where such behaviour is impossible.

The technical tools used in the paper to show PSN for λex are the following. We first define a perpetual reduction strategy for λex: if t can be reduced to t' by the strategy, and t' ∈ SN_λex, then t ∈ SN_λex. In particular, since the perpetual strategy reduces t[x/u] to t{x/u}, one has to show that normalisation of Implicit substitution implies normalisation of Explicit substitution. More precisely,

(IE)   u ∈ SN_λex & t{x/u} ∈ SN_λex imply t[x/u] ∈ SN_λex.

In other words, explicit substitution implements implicit substitution but nothing more than that; otherwise one may get calculi such as λσ where t[x/u] does much more than t{x/u}. A consequence of the IE property is that standard techniques to show SN based on meta-substitution can also be applied to calculi with ES, thus simplifying the reasoning considerably. Indeed, the perpetual strategy is used to give an inductive characterisation of the set SN_λex by means of just four inference rules. This inductive characterisation is then used to show that untyped terms preserve β-strong normalisation and that typed terms are in SN_λex. At the end of the paper we also show how SN of other calculi with or without full composition can be obtained from SN of λex.

All our proofs are developed using simple logical tools: intuitionistic reasoning, induction, reasoning by cases on decidable predicates. All this gives a constructive (no use of classical logic) flavour to the whole development.

The proof technique used to show the IE property is mostly inspired from the PSN proofs used for the non-equational systems λx and λws in [LLD+04] and [ABR00]. Current investigations carried out in [SvO07] show PSN for different calculi with (full or not) composition. The approach is based on the analysis of minimal non-terminating reduction sequences. The calculus proposed in [Sak] specifies commutation of independent substitutions by a non-terminating rewriting system (instead of an equation), thus leading to complicated notions and proofs.
This paper extends some ideas summarised in [Kes07, Kes08], particularly by the use of intersection types to characterise the set SN_λex as well as the use of the Z-property of van Oostrom [vO] to show confluence. It is organised as follows. Section 2 introduces syntax and reduction rules for the λex-calculus. The perpetual strategy for λex is introduced in Section 3 together with its corresponding Perpetuality Theorem. This fundamental theorem is proved thanks to a key property whose proof is left to Sections 4 and 5. The equivalence between intersection typed and β-strongly normalising terms is given in Section 6. In Section 7 we explain how to infer SN for other calculi with ES. In Section 8 we prove confluence for metaterms. Finally we conclude and give directions for further work in Section 9.



2. Syntax 



The λex-calculus can be viewed as a simple extension of the λx-calculus. The set of terms (meta-variables s, t, u, v) is defined by the following grammar.

T ::= x | T T | λx.T | T[x/T]

Free and bound variables of t, written respectively fv(t) and bv(t), are defined by induction as follows:

fv(x) := {x}                            bv(x) := ∅
fv(λx.u) := fv(u) \ {x}                 bv(λx.u) := bv(u) ∪ {x}
fv(uv) := fv(u) ∪ fv(v)                 bv(uv) := bv(u) ∪ bv(v)
fv(u[x/v]) := (fv(u) \ {x}) ∪ fv(v)     bv(u[x/v]) := bv(u) ∪ {x} ∪ bv(v)

Thus, λx.t and t[x/u] bind the free occurrences of x in t.

The congruence generated by renaming of bound variables is called α-conversion. Thus for example (λy.x)[x/y] =α (λz.x')[x'/y]. Given a term of the form t[x/u][y/v], the two outermost substitutions are said to be independent iff y ∉ fv(u), and dependent iff y ∈ fv(u). Notice that in both cases we can always assume x ∉ fv(v) by α-conversion. We use the notation t̄n for a list of n (n ≥ 0) terms t1, ..., tn and u t̄n for u t1 ... tn, which is in turn an abbreviation of (...((u t1) t2) ... tn).

Meta-substitution on terms is defined modulo α-conversion in such a way that capture of variables is avoided. It is given by the following equations.

x{x/v} := v
y{x/v} := y                              if y ≠ x
(λy.t){x/v} := λy.t{x/v}
(tu){x/v} := t{x/v} u{x/v}
t[y/u]{x/v} := t{x/v}[y/u{x/v}]

Thus for example (λy.x){x/y} = λz.y. Notice that t{x/u} = t if x ∉ fv(t).

Besides α-conversion, we consider the equations and rewriting rules in Figure 1.

Notice that α-conversion allows us to assume that there is no capture of variables in the previous equations and rules. Thus for example we can assume y ≠ x and y ∉ fv(v) in the rewriting rule Lamb. The same kind of assumptions are made for the rewriting rule Comp and the equation C.

Equations:

t[x/u][y/v]     =C       t[y/v][x/u]             if y ∉ fv(u) & x ∉ fv(v)

Rules:

(λx.t) u        →B       t[x/u]
x[x/v]          →Var     v
t[x/u]          →Gc      t                       if x ∉ fv(t)
(tu)[x/v]       →App     t[x/v] u[x/v]
(λy.t)[x/v]     →Lamb    λy.t[x/v]
t[x/u][y/v]     →Comp    t[y/v][x/u[y/v]]        if y ∈ fv(u)

Figure 1: The λex-calculus

The rewriting relation →Bx is generated by all the rewriting rules in Figure 1 and →x is only generated by the last five ones. The equivalence relation =e is generated by the conversions α and C. The reduction relations →ex and →λex are respectively generated by the rewriting relations →x and →Bx modulo =e (thus specifying rewriting on e-equivalence classes):

t →ex t'     iff   ∃ s, s' s.t. t =e s →x s' =e t'
t →λex t'    iff   ∃ s, s' s.t. t =e s →Bx s' =e t'

Given any reduction relation R, a term t is said to be in R-normal form, written t ∈ NF_R, if there is no u such that t →R u. As an example, an inductive definition of NF_λex can be given by: t1, ..., tn ∈ NF_λex imply x t1 ... tn ∈ NF_λex, and t ∈ NF_λex implies λx.t ∈ NF_λex.

Again for any reduction relation R, a term t is said to be R-strongly normalising, written t ∈ SN_R, if there is no infinite R-reduction sequence starting at t, in which case the notation η_R(t) means the maximal length of an R-reduction sequence starting at t. An inductive definition of SN_R is usually given by:

t ∈ SN_R   iff   ∀s (t →R s implies s ∈ SN_R)

The notation →R= (resp. →R*) is used for the reflexive (resp. reflexive and transitive) closure of →R. Thus in particular, if t →ex= t' in zero reduction steps, then t =e t'.

The following basic properties can be shown by a straightforward induction on the reduction relation.

Lemma 2.1 (Basic Properties). Let R ∈ {ex, λex} and let t, t', u be terms.

• If t →R t', then fv(t') ⊆ fv(t).

• If t →R t', then u{x/t} →R* u{x/t'} and t{x/u} →R t'{x/u}. Thus in particular t{x/u} ∈ SN_R implies t ∈ SN_R.

As explained in Section 1, the composition rule Comp and the equation C guarantee the following property:

Lemma 2.2 (Full Composition for Terms). Let t, u be terms. Then t[x/u] →ex* t{x/u}.

Proof. By induction on t. Consider t = s[y/v]. If x ∈ fv(v), then s[y/v][x/u] →Comp s[x/u][y/v[x/u]] →ex* (i.h.) s{x/u}[y/v{x/u}] = t{x/u}. If x ∉ fv(v), then s[y/v][x/u] =C s[x/u][y/v] →ex* (i.h.) s{x/u}[y/v] = t{x/u}. All the other cases are straightforward. □
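As an added example (not code from the paper), the Python below implements the λex syntax of Section 2, free variables, capture-avoiding meta-substitution t{x/u}, and the propagation of a substitution t[x/u] by the rules of Figure 1, then replays the proof of Lemma 2.2 on the example (zyx)[y/xx][x/v] from the introduction. The order in which Comp processes body and argument and the fresh-name scheme for α-conversion are choices of this example.

```python
from dataclasses import dataclass
from itertools import count

# Term constructors for the grammar T ::= x | T T | lambda x.T | T[x/T].
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class App:
    fun: object
    arg: object

@dataclass(frozen=True)
class Lam:
    var: str
    body: object

@dataclass(frozen=True)
class Sub:          # Sub(t, x, u) stands for the explicit substitution t[x/u]
    body: object
    var: str
    arg: object

def fv(t):
    """Free variables, following the definition in Section 2."""
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, App):
        return fv(t.fun) | fv(t.arg)
    if isinstance(t, Lam):
        return fv(t.body) - {t.var}
    return (fv(t.body) - {t.var}) | fv(t.arg)          # Sub: x is bound in the body only

_counter = count()

def fresh(avoid):
    """A binder name outside `avoid`, used for alpha-conversion (naming scheme is ours)."""
    while True:
        z = f"z{next(_counter)}"
        if z not in avoid:
            return z

def msub(t, x, v):
    """Meta-substitution t{x/v}, modulo alpha-conversion so that no variable is captured."""
    if isinstance(t, Var):
        return v if t.name == x else t
    if isinstance(t, App):
        return App(msub(t.fun, x, v), msub(t.arg, x, v))
    y, body = t.var, t.body
    if y == x:                      # x is bound here; only a substitution's argument can mention it
        return t if isinstance(t, Lam) else Sub(body, y, msub(t.arg, x, v))
    if y in fv(v):                  # rename the binder so that v is not captured
        z = fresh(fv(body) | fv(v) | {x})
        body, y = msub(body, y, Var(z)), z
    if isinstance(t, Lam):
        return Lam(y, msub(body, x, v))
    return Sub(msub(body, x, v), y, msub(t.arg, x, v))

def reduce_sub(t, x, u, trace):
    """Propagate the substitution in t[x/u] with the ex-rules of Figure 1 (Var, Gc, App,
    Lamb, Comp) and the equation C, appending the name of each rule used to `trace`."""
    if x not in fv(t):
        trace.append("Gc")
        return t
    if isinstance(t, Var):                          # t is x itself
        trace.append("Var")
        return u
    if isinstance(t, App):
        trace.append("App")
        return App(reduce_sub(t.fun, x, u, trace), reduce_sub(t.arg, x, u, trace))
    y, body = t.var, t.body
    if y == x or y in fv(u):                        # alpha-convert: y != x and y not in fv(u)
        z = fresh(fv(body) | fv(u) | {x})
        body, y = msub(body, y, Var(z)), z
    if isinstance(t, Lam):
        trace.append("Lamb")
        return Lam(y, reduce_sub(body, x, u, trace))
    if x in fv(t.arg):                              # dependent substitutions: rule Comp
        trace.append("Comp")
        return Sub(reduce_sub(body, x, u, trace), y, reduce_sub(t.arg, x, u, trace))
    trace.append("C")                               # independent substitutions: equation C
    return Sub(reduce_sub(body, x, u, trace), y, t.arg)

def full_composition(t):
    """For t = s[x/u], return the term reached from t and the trace of Figure 1 steps used."""
    if not isinstance(t, Sub):
        raise ValueError("expected a term of the form s[x/u]")
    trace = []
    return reduce_sub(t.body, t.var, t.arg, trace), trace

def demo():
    """The paper's example: (zyx)[y/xx][x/v] reduces to (zyv)[y/vv] = (zyx)[y/xx]{x/v}.
    Returns (reached the expected term, reached t{x/u}, rules used)."""
    z, y, x, v = (Var(n) for n in "zyxv")
    t = Sub(Sub(App(App(z, y), x), "y", App(x, x)), "x", v)
    result, trace = full_composition(t)
    expected = Sub(App(App(z, y), v), "y", App(v, v))
    return result == expected, result == msub(t.body, t.var, t.arg), trace
```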
Simulation of one-step β-reduction is then a direct consequence of full composition.

Lemma 2.3 (Simulating One-Step β-Reduction). Let t, t' be λ-terms. If t →β t', then t →λex* t'.



3. Perpetuality and Preservation of Normalisation 

A perpetual strategy gives an infinite reduction sequence for a term, if one exists; otherwise, it gives a finite reduction sequence leading to some normal form. Perpetual strategies, introduced in [BBKV76], can be seen as antonyms of normalising strategies; they are particularly used to obtain normalisation results. We refer the reader to [vRSSX99] for more details.

Perpetual strategies can be specified by one or many steps. In contrast to one-step strategies for ES given for example in [Bon01a], we now define a many-step strategy giving a reduct for any t ∉ NF_λex. This is done according to the following cases. If t = x t1 ... tn, rewrite the left-most ti which is reducible. If t = λx.u, rewrite u. If t = (λx.s) u v̄n, rewrite the head redex. If t = s[x/u] v̄n and u ∉ SN_λex, rewrite u. If t = s[x/u] v̄n and u ∈ SN_λex, apply full composition to the head redex s[x/u] by using as many steps as necessary. Formally,

Definition 3.1 (A Strategy for Terms). The strategy ⇝ on terms is given by an inductive definition.

(p-var)     ūn ∈ NF_λex   t ⇝ t'    ⟹    x ūn t v̄m ⇝ x ūn t' v̄m
(p-abs)     t ⇝ t'    ⟹    λx.t ⇝ λx.t'
(p-B)       (λx.t) u v̄n ⇝ t[x/u] v̄n
(p-subs1)   u ∈ SN_λex    ⟹    t[x/u] v̄n ⇝ t{x/u} v̄n
(p-subs2)   u ∉ SN_λex   u ⇝ u'    ⟹    t[x/u] v̄n ⇝ t[x/u'] v̄n

The strategy is deterministic, so that t ⇝ u and t ⇝ v imply u = v. Moreover, the strategy is not necessarily leftmost-outermost or left-to-right because of the (p-subs1) rule: substitution propagation can be performed in any order. Notice that the syntactical details concerning the manipulation of substitutions are completely hidden in the definition of the strategy, which is only based on the full composition property. This makes the results of this section abstract and modular. A basic property of the strategy is:

Lemma 3.2. Let t, t' be terms. If t ⇝ t', then t →λex+ t'.

Proof. By induction on the definition of the strategy using Lemma 2.2. □

The strategy turns out to be perpetual, that is, terminating terms are stable by anti-reduction (also called expansion). The proof of this property is presented in a modular way, by leaving all the details concerning the particularities of the substitution calculus to one single statement, called the IE property (Lemma 5.9) and fully developed in the next section.

Theorem 3.3 (Perpetuality Theorem). Let t, t' be terms. If t ⇝ t' and t' ∈ SN_λex, then t ∈ SN_λex.

Proof. By induction on the definition of the strategy.

• t = (λx.s) u ūn ⇝ s[x/u] ūn = t' by (p-B). If s[x/u] ūn ∈ SN_λex, then s, u, ūn ∈ SN_λex. We show (λx.s) u ūn ∈ SN_λex by induction on η_λex(s) + η_λex(u) + Σ_{i∈1...n} η_λex(ui). For that, it is sufficient to show that every λex-reduct of (λx.s) u ūn is in SN_λex. If the reduction takes place in a subterm of (λx.s) u ūn, then the property holds by the i.h. Otherwise (λx.s) u ūn →B s[x/u] ūn, which is in SN_λex by hypothesis. We thus conclude (λx.s) u ūn ∈ SN_λex.

• t = s[x/u] v̄n ⇝ s[x/u'] v̄n = t' by (p-subs2), so that u ∉ SN_λex and u ⇝ u'. If s[x/u'] v̄n ∈ SN_λex, then in particular u' ∈ SN_λex, thus u ∈ SN_λex by the i.h. From u ∉ SN_λex and u ∈ SN_λex we can get any proposition, so in particular t ∈ SN_λex.

• t = s[x/u] v̄n ⇝ s{x/u} v̄n = t' by (p-subs1), so that u ∈ SN_λex. Then the IE property (Lemma 5.9 in Section 5) allows us to conclude.

All the other cases are straightforward. □

An inductive syntactic characterisation of the set SN_λex can now be given using the perpetual strategy. This kind of characterisation is usually useful when developing SN proofs. An inductive syntactic definition of SN terms for the λ-calculus is given for example in [vR96]. It was then extended in [LLD+04, Bon01b] for calculi with ES, but using many different inference rules to characterise SN terms of the form t[x/v]. We just give here one inference rule for each possible syntactical form.

Definition 3.4 (Inductive Characterisation of SN_λex). The inductive set ISN is defined as follows:

(var)    t1, ..., tn ∈ ISN   n ≥ 0    ⟹    x t1 ... tn ∈ ISN
(app)    u[x/v] t1 ... tn ∈ ISN   n ≥ 0    ⟹    (λx.u) v t1 ... tn ∈ ISN
(subs)   u{x/v} t1 ... tn ∈ ISN   v ∈ ISN   n ≥ 0    ⟹    u[x/v] t1 ... tn ∈ ISN
(abs)    u ∈ ISN    ⟹    λx.u ∈ ISN

Proposition 3.5. SN_λex = ISN.

Proof. If t ∈ SN_λex, then t ∈ ISN is proved by induction on the lexicographic pair (η_λex(t), t). If t ∈ ISN, then t ∈ SN_λex is proved by induction on t ∈ ISN using Theorem 3.3. □

The PSN property received a lot of attention in calculi with explicit substitutions, starting from an unexpected result given by Melliès [Mel95], who has shown that there are β-strongly normalisable λ-terms that are not strongly normalisable in calculi with composition such as λσ [ACCL91]. Since then, many formalisms with and without composition have been shown to enjoy PSN. The proof technique used in this paper to show PSN is based on the Perpetuality Theorem and is mostly inspired from [ABR00, LLD+04]. However, the use of two quite abstract concepts, namely, full composition and the IE property, makes our proof much more modular than the existing ones.

Theorem 3.6 (PSN for λ-terms). If t ∈ SN_β, then t ∈ SN_λex.

Proof. By induction on the definition of SN_β [vR96] using the inductive Definition 3.4 and Proposition 3.5 (which holds by the Perpetuality Theorem 3.3).

If t = x t1 ... tn with ti ∈ SN_β, then ti ∈ SN_λex by the i.h. so that the (var) rule allows us to conclude. The case t = λx.u is similar. If t = (λx.u) v t1 ... tn, with u{x/v} t1 ... tn ∈ SN_β and v ∈ SN_β, then both terms are in SN_λex by the i.h. so that the (subs) rule gives u[x/v] t1 ... tn ∈ SN_λex and the (app) rule gives (λx.u) v t1 ... tn ∈ SN_λex. □



Alternative Proof. By induction on the definition of SN_β [vR96] using the IE property (Lemma 5.9 in Section 5).

If t = x t1 ... tn with ti ∈ SN_β, then ti ∈ SN_λex by the i.h. so that t ∈ SN_λex is straightforward. If t = λx.u with u ∈ SN_β, then u ∈ SN_λex by the i.h. and thus t ∈ SN_λex is also straightforward. If t = (λx.u) v t1 ... tn, with u{x/v} t1 ... tn ∈ SN_β and v ∈ SN_β, then both terms are in SN_λex by the i.h. The IE property gives t' = u[x/v] t1 ... tn ∈ SN_λex so that in particular u, v, t1, ..., tn ∈ SN_λex. We show t = (λx.u) v t1 ... tn ∈ SN_λex by induction on η_λex(u) + η_λex(v) + Σ η_λex(ti). For that, it is sufficient to show that every λex-reduct of t is in SN_λex. Now, if the λex-reduct of t comes from an internal reduction, then conclude with the i.h. Otherwise, t →λex t', which is already in SN_λex. □

4. The Labelling Technique 

This section develops the key technical tools used to guarantee that the strategy ⇝ (Definition 3.1) is perpetual. More precisely, we want to show that normalisation of Implicit substitution implies normalisation of Explicit substitution:

(IE)   u ∈ SN_λex & t{x/u} v̄n ∈ SN_λex imply t[x/u] v̄n ∈ SN_λex

For that we adapt the labelling technique [DG01, ABR00, Bon01b] to the equational case. The technique can be summarised by the following steps:

(1) Use a labelling to mark some λex-strongly normalising terms used as substitutions. Thus for example t⟦x/u⟧ indicates that u ∈ T ∩ SN_λex.

(2) Enrich the original λex-reduction system with a relation ex̲ used only to propagate terminating labelled substitutions. Let λex̲ be the enriched calculus.

(3) Show that u ∈ SN_λex & t{x/u} v̄n ∈ SN_λex imply t⟦x/u⟧ v̄n ∈ SN_λex̲.

(4) Show that t⟦x/u⟧ v̄n ∈ SN_λex̲ implies t[x/u] v̄n ∈ SN_λex.

We now develop the first and second points, leaving the last two to Section 5.

Definition 4.1 (Labelled Terms). Given a finite set of variables S, the S-labelled terms (or simply labelled terms if S is clear from the context) are defined by the following grammar:

L_S ::= x | L_S L_S | λx.L_S | L_S[x/L_S] | L_S⟦x/v⟧     (v ∈ T ∩ SN_λex & fv(v) ⊆ S)

Thus, labelled substitutions can only contain terms, so in particular they cannot contain other labelled substitutions. Notice that all the terms (as defined in Section 2) are labelled terms, but some terms with arbitrary labels are not. Labelled terms should not be confused with the decent terms of [Blo97], which do not have labels at all and are not stable by reduction.

We can always assume that subterms λx.u, u[x/v] and u⟦x/v⟧ inside t ∈ L_S are s.t. x ∉ S. Indeed, α-conversion allows us to choose names outside S for the bound variables of labelled terms. As a consequence, no substitution (labelled or not) can be used to affect the bodies of other labelled substitutions (whose free variables are all in S). That means also that given a term t having a subterm u⟦x/v⟧, no free occurrence of y in v can be bound in the path leading to the root of t. In other words, the bodies of labelled substitutions are safe since they are already normalising and cannot lose normalisation after reduction/substitution.

Equations:

t[y/u]⟦x/v⟧     =C̲       t⟦x/v⟧[y/u]             if x ∉ fv(u) & y ∉ fv(v)
t⟦y/u⟧⟦x/v⟧     =C̲       t⟦x/v⟧⟦y/u⟧             if x ∉ fv(u) & y ∉ fv(v)

Rules:

x⟦x/v⟧          →Var     v
t⟦x/v⟧          →Gc      t                       if x ∉ fv(t)
(tu)⟦x/v⟧       →App     t⟦x/v⟧ u⟦x/v⟧
(λy.t)⟦x/v⟧     →Lamb    λy.t⟦x/v⟧
t[y/u]⟦x/v⟧     →Comp    t⟦x/v⟧[y/u⟦x/v⟧]        if x ∈ fv(u)

Figure 2: The ex̲-calculus

The idea behind the operational semantics of labelled terms, specified by the equations and reduction rules in Figure 2, is that labelled substitutions may commute with/traverse ordinary substitutions but the latter cannot traverse the labelled ones.

The rewriting relation →x̲ is generated by the rewriting rules in Figure 2 and the equivalence relation =e̲ is generated by the conversions α and C̲. The reduction relation →ex̲ is generated by the rewriting relation →x̲ modulo =e̲. In particular, both relations →x̲ and →ex̲ enjoy termination (see Lemma 4.7). An even richer reduction relation λex̲ can be defined on labelled terms by adding to ex̲ the old reduction relation λex but now on labelled terms. That is, →λex̲ is defined as the union of the rewriting relations →Bx and →x̲ on labelled terms modulo α ∪ C ∪ C̲-equivalence classes:

t →λex̲ t'   iff   ∃ s, s' s.t. t =e∪e̲ s →Bx∪x̲ s' =e∪e̲ t'

In order to show that u ∈ SN_λex & t{x/u} v̄n ∈ SN_λex imply t⟦x/u⟧ v̄n ∈ SN_λex̲ we first need to relate the λex̲-reduction relation to that of the λex-calculus. For that, the reduction relation λex̲, which is defined on labelled terms, is split into two relations λex̲ⁱ and λex̲ᵉ, on labelled terms as well, which will both be projected into λex-reduction sequences. More precisely, λex̲ⁱ can be weakly projected (possibly empty steps) into λex while λex̲ᵉ can be strongly projected (at least one step) into λex (details in the forthcoming Lemma 5.2).

Definition 4.2 (Internal and External Reductions). The internal reduction relation →λex̲ⁱ on labelled terms is given by adding to ex̲ the λex-reduction relation in the bodies of labelled substitutions. Formally, →λex̲ⁱ is taken as the following reduction relation →λx̲ⁱ on α ∪ C ∪ C̲-equivalence classes:

• If u →Bx u' and u, u' are terms, then t⟦x/u⟧ →λx̲ⁱ t⟦x/u'⟧.

• If t →x̲ t', then t →λx̲ⁱ t'.

• If t →λx̲ⁱ t', then tu →λx̲ⁱ t'u, ut →λx̲ⁱ ut', λx.t →λx̲ⁱ λx.t', t[x/u] →λx̲ⁱ t'[x/u], u[x/t] →λx̲ⁱ u[x/t'], t⟦x/u⟧ →λx̲ⁱ t'⟦x/u⟧.

The external reduction relation →λex̲ᵉ on labelled terms is given by λex-reduction on labelled terms everywhere except inside bodies of labelled substitutions. Formally, →λex̲ᵉ is taken as the following reduction relation →λx̲ᵉ on α ∪ C ∪ C̲-equivalence classes:

• If t →Bx t' occurs outside a labelled substitution, then t →λx̲ᵉ t'.

• If t →λx̲ᵉ t', then tu →λx̲ᵉ t'u, ut →λx̲ᵉ ut', λx.t →λx̲ᵉ λx.t', t[x/u] →λx̲ᵉ t'[x/u], u[x/t] →λx̲ᵉ u[x/t'] and t⟦x/u⟧ →λx̲ᵉ t'⟦x/u⟧.

Lemma 4.3. →λex̲ = →λex̲ⁱ ∪ →λex̲ᵉ.

Proof. Since we are working everywhere with α ∪ C ∪ C̲-equivalence classes, it is sufficient to show →Bx∪x̲ = →λx̲ⁱ ∪ →λx̲ᵉ.

⊆: If t →Bx t' occurs inside a labelled substitution, then t →λx̲ⁱ t'; otherwise t →λx̲ᵉ t'. If t →x̲ t', then t →λx̲ⁱ t'.

⊇: By induction on the definitions of →λx̲ᵉ and →λx̲ⁱ. □

Since λex̲ⁱ-reduction will only be weakly projected into λex, we need to guarantee that there are no infinite λex̲ⁱ-reduction sequences starting at a labelled term. This is exactly the goal of the final part of this section. We will then use this result in Section 5 to relate termination of λex to that of λex̲ (Corollary 5.4).

Definition 4.4 (A Decreasing Measure for Comp). For every variable $x \notin \mathbb{S}$, the function $\mathsf{af}_x(\_)$ counts the number of bodies of non-labelled substitutions having free occurrences of $x$. Formally, $\mathsf{af}_x(\_)$ is defined on labelled terms as follows.

$$\begin{array}{rcl@{\qquad}rcl}
\mathsf{af}_x(z) & := & 0 &
\mathsf{af}_x(tu) & := & \mathsf{af}_x(t) + \mathsf{af}_x(u) \\
\mathsf{af}_x(\lambda y.t) & := & \mathsf{af}_x(t) &
\mathsf{af}_x(t[y/u]) & := & \mathsf{af}_x(t) \quad \text{if } x \notin \mathsf{fv}(u) \\
\mathsf{af}_x(t\llbracket y/u\rrbracket) & := & \mathsf{af}_x(t) &
\mathsf{af}_x(t[y/u]) & := & \mathsf{af}_x(t) + 1 + \mathsf{af}_x(u) \quad \text{if } x \in \mathsf{fv}(u)
\end{array}$$

A second function $\mathsf{dep}(\_)$ sums the values $\mathsf{af}_x(\_)$ over all variables $x$ which are bound by some labelled substitution of the labelled term $t$. Formally, $\mathsf{dep}(\_)$ is defined on labelled terms as follows.

$$\begin{array}{rcl@{\qquad}rcl}
\mathsf{dep}(x) & := & 0 &
\mathsf{dep}(tu) & := & \mathsf{dep}(t) + \mathsf{dep}(u) \\
\mathsf{dep}(\lambda y.t) & := & \mathsf{dep}(t) &
\mathsf{dep}(t[x/u]) & := & \mathsf{dep}(t) + \mathsf{dep}(u) \\
\mathsf{dep}(t\llbracket x/u\rrbracket) & := & \mathsf{dep}(t) + \mathsf{af}_x(t)
\end{array}$$

For example, given $v = w[w/(xx)[y/x]]$, we have $\mathsf{af}_x(v) = 2$ (the variable $x$ occurs free in the two non-labelled bodies $(xx)[y/x]$ and $x$) and $\mathsf{dep}(v[y/v]\llbracket x/x_1\rrbracket) = \mathsf{af}_x(v[y/v]) = 2 + 1 + 2 = 5$.

Notice that $\mathsf{af}_x(t) = 0$ if $x \notin \mathsf{fv}(t)$ (bound variables of $t$ being assumed different from $x$ by $\alpha$-conversion) and $\mathsf{dep}(t) = 0$ if $t$ does not have labelled substitutions. Notice also that $\mathsf{dep}(t\llbracket x/u\rrbracket)$ is well-defined in terms of $\mathsf{af}_x$, since we can always assume $x \notin \mathbb{S}$ by $\alpha$-conversion.
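The two measures of Definition 4.4 are easy to mechanise, and doing so is the quickest way to check the worked example. The following Python is an added illustration, not code from the paper: labelled terms are nested tuples, the tag `'lsub'` stands for a labelled substitution $t\llbracket x/u\rrbracket$ (whose body must be an ordinary term, as in the paper), and the term `v` is the paper's $w[w/(xx)[y/x]]$. The second term of the example is read as $v[y/v]\llbracket x/x_1\rrbracket$, which is the reading that yields the value 5 stated on the page.

```python
# Added example (not from the paper): the measures af_x and dep of Definition 4.4.
# Labelled terms as nested tuples:
#   ('var', x) | ('app', t, u) | ('lam', x, t) | ('sub', t, x, u)   -- x, tu, λx.t, t[x/u]
#   ('lsub', t, x, u)                                               -- t⟦x/u⟧ (u an ordinary term)

def fv(t):
    """Free variables; [x/u] and ⟦x/u⟧ bind x in t only, not in u."""
    tag = t[0]
    if tag == 'var':
        return {t[1]}
    if tag == 'app':
        return fv(t[1]) | fv(t[2])
    if tag == 'lam':
        return fv(t[2]) - {t[1]}
    return (fv(t[1]) - {t[2]}) | fv(t[3])      # 'sub' and 'lsub'

def af(x, t):
    """af_x(t): number of bodies of non-labelled substitutions in which x occurs free,
    counted recursively (a body containing x contributes 1 plus its own af_x)."""
    tag = t[0]
    if tag == 'var':
        return 0
    if tag == 'app':
        return af(x, t[1]) + af(x, t[2])
    if tag == 'lam':
        return af(x, t[2])
    if tag == 'lsub':                          # labelled bodies are never counted
        return af(x, t[1])
    _, body, _, u = t                          # t[y/u]
    if x in fv(u):
        return af(x, body) + 1 + af(x, u)
    return af(x, body)

def dep(t):
    """dep(t): sum of af_x(t') over every labelled substitution t'⟦x/u⟧ occurring in t."""
    tag = t[0]
    if tag == 'var':
        return 0
    if tag == 'app':
        return dep(t[1]) + dep(t[2])
    if tag == 'lam':
        return dep(t[2])
    if tag == 'sub':
        return dep(t[1]) + dep(t[3])
    _, body, x, _ = t                          # t⟦x/u⟧: u is a term, so it has no labelled subs
    return dep(body) + af(x, body)

def V(x):
    return ('var', x)

# The paper's example term v = w[w/(xx)[y/x]]
v = ('sub', V('w'), 'w', ('sub', ('app', V('x'), V('x')), 'y', V('x')))

def example():
    """Returns (af_x(v), dep(v[y/v]⟦x/x1⟧)); the paper gives 2 and 5."""
    a = af('x', v)
    # af_x(v[y/v]) = af_x(v) + 1 + af_x(v) since x ∈ fv(v); dep(v[y/v]) = 0 (no labelled subs)
    d = dep(('lsub', ('sub', v, 'y', v), 'x', V('x1')))
    return a, d
```

Running `example()` returns `(2, 5)`. Note that `af` counts bodies syntactically, so a term with two copies of the same substitution body is counted twice; this is what makes the value 5 rather than 3 for the second term.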

Definition 4.5 (A Decreasing Measure for x \ Comp). We consider the following function $\mathsf{K}(\_)$ on terms:

$$\begin{array}{rcl@{\qquad}rcl}
\mathsf{K}(x) & := & 1 & \mathsf{K}(tu) & := & \mathsf{K}(t) + \mathsf{K}(u) + 1 \\
\mathsf{K}(\lambda x.t) & := & \mathsf{K}(t) + 1 & \mathsf{K}(t[x/u]) & := & \mathsf{K}(t) \cdot \mathsf{K}(u)
\end{array}$$

In order to extend $\mathsf{K}(\_)$ on terms to $\mathbb{K}(\_)$ on labelled terms we define a special measure for $\lambda ex$-strongly normalising terms. Thus, given $t \in \mathcal{SN}_{\lambda ex}$, let us consider

$$\phi(t) := 1 + \eta_{\lambda ex}(t) + \mathsf{maxK}_{\lambda ex}(t), \quad \text{where } \mathsf{maxK}_{\lambda ex}(t) := \max\{\mathsf{K}(t') \mid t \to^*_{\lambda ex} t'\}$$

Notice that $\phi$ is well-defined since $\lambda ex$-strongly normalising terms have only a finite set of reducts. Notice also that $\phi(t) \geq 2$ for every term $t$. Moreover, $t \to_{\lambda ex} t'$ implies $\eta_{\lambda ex}(t) > \eta_{\lambda ex}(t')$ and $\mathsf{maxK}_{\lambda ex}(t) \geq \mathsf{maxK}_{\lambda ex}(t')$, so that $\phi(t) > \phi(t')$.

We can now consider the following function $\mathbb{K}(\_)$ on labelled terms.

$$\begin{array}{rcl@{\qquad}rcl}
\mathbb{K}(x) & := & 1 & \mathbb{K}(tu) & := & \mathbb{K}(t) + \mathbb{K}(u) + 1 \\
\mathbb{K}(\lambda x.t) & := & \mathbb{K}(t) + 1 & \mathbb{K}(t[x/u]) & := & \mathbb{K}(t) \cdot \mathbb{K}(u) \\
\mathbb{K}(t\llbracket x/u\rrbracket) & := & \mathbb{K}(t) \cdot \phi(u)
\end{array}$$
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Lemma 4.6. Let t, u be S-labelled terms and let z Then, 

(1) t =a,c,c u implies a.fzit) = a.iz{u), dep(t) = dep(n) and IfC(t) = IC(ti). 

(2) t — >comp u implies aifz{t) = a.f z{u) and dep(t) > dep(u). 

(3) t — >x\comp ^ implies a.fzit) ^ ^^z{u), dep(t) > dep(ii) and K.(t) > ]K(ti). 

Proof. By induction on reduction. Notice that a.fz{i) > ^^ziu) holds for example for t = 
ti[x/ui] — >Gc = u, where ui — >gc u'l, z G fv(ni) and z ^ fv(n'^). Similarly, 

dep(t) = dep('u) holds for example for t — >var u, and dep(t) > dep(ii) holds for example for 
t = t2lz/u2j ^Gc i2l^;/w2l = u, where t2 ^gc ^2 ^£2(^2) > af 2(^2). □ 

Lemma 4.7. The reduction relation $\mathsf{ex}$ (and thus also $\mathsf{x}$) is terminating.

Proof. Since $t \to_{\mathsf{ex}} u$ implies $(\mathsf{dep}(t), \mathbb{K}(t)) >_{lex} (\mathsf{dep}(u), \mathbb{K}(u))$ by Lemma 4.6 and $>_{lex}$ is a well-founded relation, then $\mathsf{ex}$ terminates. □

Lemma 4.8. The reduction relation $\lambda ex^i$ is terminating.

Proof. Lemma 4.6(1) guarantees that $t =_{e \cup \widetilde{e}} t'$ implies $(\mathsf{dep}(t), \mathbb{K}(t)) = (\mathsf{dep}(t'), \mathbb{K}(t'))$.

We now show that $t \to_{\lambda x^i} t'$ implies $\mathsf{af}_z(t) \geq \mathsf{af}_z(t')$ for $z \notin \mathbb{S}$ and $(\mathsf{dep}(t), \mathbb{K}(t)) >_{lex} (\mathsf{dep}(t'), \mathbb{K}(t'))$. We proceed by induction on $\to_{\lambda x^i}$.

• If $t = u\llbracket x/v\rrbracket \to_{\lambda x^i} u\llbracket x/v'\rrbracket = t'$ comes from $v \to_{\mathsf{Bx}} v'$, then $\mathsf{af}_z(t) = \mathsf{af}_z(u) = \mathsf{af}_z(t')$, $\mathsf{dep}(t) = \mathsf{dep}(u) + \mathsf{af}_x(u) = \mathsf{dep}(t')$ and $\mathbb{K}(t) = \mathbb{K}(u) \cdot \phi(v) > \mathbb{K}(u) \cdot \phi(v') = \mathbb{K}(t')$, since $\phi(v) > \phi(v')$ and $\mathbb{K}(u) \geq 1$.

• If $t \to_{\lambda x^i} t'$ comes from $t \to_{\mathsf{x}} t'$, then conclude using Lemma 4.6.

• If $t = u\llbracket x/v\rrbracket \to_{\lambda x^i} u'\llbracket x/v\rrbracket = t'$ or $t = u[x/v] \to_{\lambda x^i} u'[x/v] = t'$ or $t = v[x/u] \to_{\lambda x^i} v[x/u'] = t'$ or $t = uv \to_{\lambda x^i} u'v = t'$ or $t = vu \to_{\lambda x^i} vu' = t'$ or $t = \lambda x.u \to_{\lambda x^i} \lambda x.u' = t'$ comes from $u \to_{\lambda x^i} u'$, then the property trivially holds by the i.h. □



5. The IE Property 

This section is devoted to showing the IE Property. This is done by using the labelled terms introduced in Section 4 as an intermediate formalism between $t\{x/u\}\overline{v_n}$ and $t[x/u]\overline{v_n}$. More precisely, we split the IE Property into two different steps:

• Show that $u \in \mathcal{SN}_{\lambda ex}$ and $t\{x/u\}\overline{v_n} \in \mathcal{SN}_{\lambda ex}$ imply $t\llbracket x/u\rrbracket\overline{v_n} \in \mathcal{SN}_{\lambda ex}$.

• Show that $t\llbracket x/u\rrbracket\overline{v_n} \in \mathcal{SN}_{\lambda ex}$ implies $t[x/u]\overline{v_n} \in \mathcal{SN}_{\lambda ex}$.

In order to relate reduction steps in $\lambda ex$ on labelled terms to reduction steps in $\lambda ex$ on terms we use a function $\mathsf{xc}$ from labelled terms to terms which computes all the labelled substitutions as follows:

$$\begin{array}{rcl}
\mathsf{xc}(x) & := & x \\
\mathsf{xc}(tu) & := & \mathsf{xc}(t)\,\mathsf{xc}(u) \\
\mathsf{xc}(\lambda y.t) & := & \lambda y.\mathsf{xc}(t) \\
\mathsf{xc}(t[x/u]) & := & \mathsf{xc}(t)[x/\mathsf{xc}(u)] \\
\mathsf{xc}(t\llbracket x/v\rrbracket) & := & \mathsf{xc}(t)\{x/v\}
\end{array}$$

Notice that $\mathsf{xc}(t) = t$ if $t$ is a term.

Lemma 5.1. Let $t, t'$ be labelled terms. If $t \to_{\mathsf{ex}} t'$, then $\mathsf{xc}(t) \to^*_{\mathsf{ex}} \mathsf{xc}(t')$.

Proof. By induction on $t \to_{\mathsf{ex}} t'$. Each rewriting step is projected by $\mathsf{xc}$ onto the same step on terms (stability of reduction by substitution handles steps inside a labelled body, whose result is substituted). The interesting case is the equation $\widetilde{\mathsf{C}}$: $t = s[x/u]\llbracket y/v\rrbracket =_{\widetilde{\mathsf{C}}} s\llbracket y/v\rrbracket[x/u] = t'$, with $y \notin \mathsf{fv}(u)$ and $x \notin \mathsf{fv}(v)$. The term $\mathsf{xc}(t)$ is equal to $\mathsf{xc}(s)[x/\mathsf{xc}(u)]\{y/v\} = \mathsf{xc}(s)\{y/v\}[x/\mathsf{xc}(u)] = \mathsf{xc}(t')$, so that the projection is an equality in this case. □
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Lemma 5.2 (Projecting Aex). Let t,t' be labelled terms. Then, 

(1) t =a,c,c t' implies xc{t) = xc(t'). 

(2) t ^^/t' implies xc{t) ^l^^ xc(t'). 

(3) t — >Ax= t' implies xc(t) ^^^^ xc(t'). 

Proof. 

(1) By induction on the conversion relation. 

(2) Internal reduction: 

• If -^x-iri ulx/v'J comes from v v' , then 

xc{ulx/vj) = xc{u){x/v} (i,[2J} Mu){x/v'} = xc{ulx/v'j). 

• If t ^Ax' comes from t t' (so that also t ^ex t'), then Lemma 15.11 gives 
xc{t) = xc(i'). 

• If uv -^Xy^i u'v where u ^Ax' '^'^ then 

xc{uv) = xc{u)xc{v) ^^g^ (-j ^ ^ xc(ii')xc(f) = xc{u'v). 

• If u[a;/u] — >Ax» where u —^Xx^ ^ ■• then 

xc(u\xlv\) = xc{u){xlv} ^. ^ & L.EU xc('u'){2;/w} = xc(u'[x/i;]). 

• The other cases are similar since xc does not alter application, lambda and substitu- 
tion. 

(3) External reduction: 

• If i — >Ax<= ^ comes from a reduction t which occurs outside a labelled substitu- 
tion, then xc(t) xc(t') can be shown by induction on t — >bx t' using Lemma [2.11 

• Iftu -^Xx'^ t'u, ut ^Ax<= ut', Xx.t —>Xx'' Xx.t', t[x/u] ^Ax<: t'[x/u] or u[x/t] ^Ax'= u[x/t'] 
comes from t -^Xx" t', then xc(t) -^xex xc(t') by the i.h. and thus the property 
holds by definition of xc and the fact that xc does not alter application, lambda and 
substitution. 

• If t|x/M] ^Ax'= comes from t ^Ax^ t' , then 

xc{tlx/uj) =xc{t){x/u} ^+ ^ ^^^^^ & i. xc(tO{xM = xc{t'lx/u}). □ 

Lemma 5.3. Let $t$ be a labelled term. If $\mathsf{xc}(t) \in \mathcal{SN}_{\lambda ex}$, then $t \in \mathcal{SN}_{\lambda ex}$.

Proof. We apply the Abstract Theorem A.2 in Appendix A by taking $\mathcal{A}_1 = \lambda ex^i$, $\mathcal{A}_2 = \lambda ex^e$, $\mathcal{A} = \lambda ex$ and $u \sqsubseteq U$ iff $\mathsf{xc}(u) = U$. Lemma 5.2 guarantees properties P1 and P2 and Lemma 4.8 guarantees property P3. We then get that $\mathsf{xc}(t) \in \mathcal{SN}_{\lambda ex}$ implies $t \in \mathcal{SN}_{\lambda ex^i \cup \lambda ex^e}$, which is exactly $\mathcal{SN}_{\lambda ex}$ by Lemma 4.3. We thus conclude. □

Corollary 5.4. Let $t, u, \overline{v_n}$ be terms. If $u \in \mathcal{SN}_{\lambda ex}$ and $t\{x/u\}\overline{v_n} \in \mathcal{SN}_{\lambda ex}$, then $t\llbracket x/u\rrbracket\overline{v_n} \in \mathcal{SN}_{\lambda ex}$.

Proof. Take $\mathbb{S} = \mathsf{fv}(u)$. The hypothesis $u \in \mathcal{SN}_{\lambda ex}$ allows us to construct the $\mathbb{S}$-labelled term $t\llbracket x/u\rrbracket\overline{v_n}$. Moreover, $\mathsf{xc}(t) = t$ so that $\mathsf{xc}(t\llbracket x/u\rrbracket\overline{v_n}) = t\{x/u\}\overline{v_n}$ and we thus conclude by Lemma 5.3. □

Labelled terms can be unlabelled in such a way that $\lambda ex$-reduction on unlabelled labelled terms can be simulated by $\lambda ex$-reduction on labelled terms.

Definition 5.5 (Unlabelling). Unlabelling of labelled terms is defined by induction.

$$\begin{array}{rcl}
\mathsf{U}(x) & := & x \\
\mathsf{U}(tu) & := & \mathsf{U}(t)\,\mathsf{U}(u) \\
\mathsf{U}(\lambda x.t) & := & \lambda x.\mathsf{U}(t) \\
\mathsf{U}(t[x/u]) & := & \mathsf{U}(t)[x/\mathsf{U}(u)] \\
\mathsf{U}(t\llbracket x/u\rrbracket) & := & \mathsf{U}(t)[x/u]
\end{array}$$

Notice that $\mathsf{fv}(t) = \mathsf{fv}(\mathsf{U}(t))$.
Lemma 5.6. Let $t \in \mathcal{L}_\mathbb{S}$ s.t. $\mathsf{U}(t) \to_{\lambda ex} t_1'$. Then there is $t_1 \in \mathcal{L}_\mathbb{S}$ s.t. $t \to_{\lambda ex} t_1$ and $\mathsf{U}(t_1) = t_1'$.

Proof. By induction on $\to_{\lambda ex}$ and case analysis (equational steps are treated as well, since reduction is modulo the equations). The interesting cases are the following.

• $t = u[x/v]\llbracket y/w\rrbracket$ where $y \in \mathsf{fv}(v)$, and
$$\mathsf{U}(u[x/v]\llbracket y/w\rrbracket) = \mathsf{U}(u)[x/\mathsf{U}(v)][y/w] \to_{\mathsf{Comp}} \mathsf{U}(u)[y/w][x/\mathsf{U}(v)[y/w]] = t_1'$$
We then let $t_1 = u\llbracket y/w\rrbracket[x/v\llbracket y/w\rrbracket]$ so that $\mathsf{U}(t_1) = t_1'$ and $t \to_{\mathsf{Comp}} t_1$.

• $t = u[x/v]\llbracket y/w\rrbracket$ where $y \notin \mathsf{fv}(v)$, and
$$\mathsf{U}(u[x/v]\llbracket y/w\rrbracket) = \mathsf{U}(u)[x/\mathsf{U}(v)][y/w] =_{\mathsf{C}} \mathsf{U}(u)[y/w][x/\mathsf{U}(v)] = t_1'$$
We then let $t_1 = u\llbracket y/w\rrbracket[x/v]$ so that $\mathsf{U}(t_1) = t_1'$ and $t =_{\widetilde{\mathsf{C}}} t_1$.

• $t = u\llbracket y/w\rrbracket[x/v]$. By $\alpha$-conversion we can always choose $x \notin \mathbb{S}$, which is a fixed set of variables, so that we necessarily have $x \notin \mathsf{fv}(w)$ since $\mathsf{fv}(w) \subseteq \mathbb{S}$ by construction. Now, consider
$$\mathsf{U}(u\llbracket y/w\rrbracket[x/v]) = \mathsf{U}(u)[y/w][x/\mathsf{U}(v)] =_{\mathsf{C}} \mathsf{U}(u)[x/\mathsf{U}(v)][y/w] = t_1'$$
We then let $t_1 = u[x/v]\llbracket y/w\rrbracket$ so that $\mathsf{U}(t_1) = t_1'$ and $t =_{\widetilde{\mathsf{C}}} t_1$.

• $t = u\llbracket x_1/v_1\rrbracket\llbracket x_2/v_2\rrbracket$. Again, by $\alpha$-conversion we can assume $x_j \notin \mathbb{S}$ so that $x_j \notin \mathsf{fv}(v_j)$ since $\mathsf{fv}(v_j) \subseteq \mathbb{S}$ by construction. Now, consider
$$\mathsf{U}(u\llbracket x_1/v_1\rrbracket\llbracket x_2/v_2\rrbracket) = \mathsf{U}(u)[x_1/v_1][x_2/v_2] =_{\mathsf{C}} \mathsf{U}(u)[x_2/v_2][x_1/v_1] = \mathsf{U}(u\llbracket x_2/v_2\rrbracket\llbracket x_1/v_1\rrbracket) = t_1'$$
We then let $t_1 = u\llbracket x_2/v_2\rrbracket\llbracket x_1/v_1\rrbracket$ so that $\mathsf{U}(t_1) = t_1'$ and $t =_{\widetilde{\mathsf{C}}} t_1$.

All the other cases are straightforward. □

Lemma 5.7. Let $t \in \mathcal{L}_\mathbb{S}$. If $t \in \mathcal{SN}_{\lambda ex}$, then $\mathsf{U}(t) \in \mathcal{SN}_{\lambda ex}$.

Proof. We prove $\mathsf{U}(t) \in \mathcal{SN}_{\lambda ex}$ by induction on $\eta_{\lambda ex}(t)$. This is done by considering all the $\lambda ex$-reducts of $\mathsf{U}(t)$ and using Lemma 5.6. □

Taking $\mathbb{S} = \mathsf{fv}(u)$ and transforming the term $s[x/u]\overline{v_n}$ into the $\mathbb{S}$-labelled term $s\llbracket x/u\rrbracket\overline{v_n}$ we have the following special case.

Corollary 5.8. If $t\llbracket x/u\rrbracket\overline{v_n} \in \mathcal{SN}_{\lambda ex}$, then $t[x/u]\overline{v_n} \in \mathcal{SN}_{\lambda ex}$.

We can now conclude with the main property required in the proof of the Perpetuality Theorem:

Lemma 5.9 (IE Property). Let $t, u, \overline{v_n}$ be terms. If $u \in \mathcal{SN}_{\lambda ex}$ and $t\{x/u\}\overline{v_n} \in \mathcal{SN}_{\lambda ex}$, then $t[x/u]\overline{v_n} \in \mathcal{SN}_{\lambda ex}$.

Proof. By Corollaries 5.4 and 5.8. □
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6. Intersection Types 



The simply typed $\lambda$-calculus is a typed lambda calculus whose only type connective is the function type. This makes it canonical, simple, and decidable [Tai67]. The simply typed lambda calculus enjoys the $\beta$-strong normalisation property stating that every $\beta$-reduction sequence starting with a typed $\lambda$-term terminates.

However, some intersection type disciplines [CDC78, CDC80] are more expressive and flexible than simple type systems in the sense that not only are typed $\lambda$-terms $\beta$-strongly normalising, but the converse also holds, thus giving a characterisation of the set of $\beta$-strongly normalising $\lambda$-terms.

Intersection types for calculi with explicit substitutions have been studied in [LLD+04, Kik07, KC]. Here, we apply this technique to the $\lambda ex$-calculus, and obtain a characterisation of the set of $\lambda ex$-strongly normalising terms by means of an intersection type system.

Types are built over a countable set of atomic symbols as follows:

$$A ::= a\ (\text{atomic}) \mid A \to A \mid A \cap A$$

An environment is a finite set of pairs of the form $x : A$. Typing judgements have the form $\Gamma \vdash t : A$ where $t$ is a term, $A$ is a type and $\Gamma$ is an environment. The intersection type system, called System $\cap$, is defined by means of the set of typing rules in Figure 3.





$$\frac{}{\Gamma, x : A \vdash x : A}\ (\mathsf{ax}) \qquad
\frac{\Gamma \vdash t : A \to B \quad \Gamma \vdash u : A}{\Gamma \vdash tu : B}\ (\mathsf{app})$$

$$\frac{\Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x.t : A \to B}\ (\mathsf{abs}) \qquad
\frac{\Gamma \vdash u : B \quad \Gamma, x : B \vdash t : A}{\Gamma \vdash t[x/u] : A}\ (\mathsf{subs})$$

$$\frac{\Gamma \vdash t : A \quad \Gamma \vdash t : B}{\Gamma \vdash t : A \cap B}\ (\cap\mathsf{I}) \qquad
\frac{\Gamma \vdash t : A_1 \cap A_2}{\Gamma \vdash t : A_i}\ (\cap\mathsf{E})\ \ (i = 1, 2)$$

Figure 3: System $\cap$: an intersection type discipline for terms



A derivation of a typing judgement $\Gamma \vdash t : A$, written $\Gamma \vdash_\cap t : A$, is a tree obtained by successive applications of the typing rules of System $\cap$. A term $t$ is said to be $\cap$-typable iff there is an environment $\Gamma$ and a type $A$ s.t. $\Gamma \vdash_\cap t : A$. Notice that a $\lambda$-term is $\cap$-typable iff there is an environment $\Gamma$ and a type $A$ s.t. $\Gamma \vdash t : A$ holds in the system which only contains the typing rules $\{\mathsf{ax}, \mathsf{abs}, \mathsf{app}, \cap\mathsf{I}, \cap\mathsf{E}\}$ in Figure 3, since the rule $\mathsf{subs}$ can never apply to a term without explicit substitutions.

The well-known characterisation of the set of $\beta$-strongly normalising $\lambda$-terms reads now as follows:

Theorem 6.1 ([Pot80]). Let $t$ be a $\lambda$-term. Then $t$ is $\cap$-typable iff $t \in \mathcal{SN}_\beta$.

A subtyping relation on intersection types is now specified by means of a preorder. This will be used to establish a Generation Lemma transforming any type derivation into a specific derivation depending only on the form of the term (and not on the type). Thus, the Generation Lemma turns out to be extremely useful to reason by induction on type derivations.
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Definition 6.2. The relation -C on types is defined by the following axioms and rules 

(1) A<^A 

(2) Ar\B and Ar\B 

(3) A < 5 & S < C imphes A<^C 

(4) A < B & A < C imphes A < B n C 

Lemma 6.3. IfFhat-.B and B <^ A, then T hn t : A. 

Proof. Let T \-f^ t : B. We reason by induction on the definition oi B <^ A. 
Case B = A<^ A: Trivial. 

Case B = AnC <^ A and B = C n A <^ A: Use n E. 

Case B <^ C,C <^ A: Use (twice) the i.h. to get successively T hp i : C and then 
r^nt:A. 

Case B <^ Bi, B <^ B2, A = Bi n B2: Use (twice) the i.h. to get F hn t : Bi and 
r hn t : B2, then apply n I. □ 

We use the notation $\underline{n}$ for $\{1 \ldots n\}$ and $\cap_n A_i$ for $A_1 \cap \ldots \cap A_n$.

Lemma 6.4. Let $\cap_n A_i \ll \cap_m B_j$, where none of the $A_i$ and $B_j$ is an intersection. Then for each $B_j$ there is $A_i$ s.t. $B_j = A_i$.

Proof. By induction on the definition of $\cap_n A_i \ll \cap_m B_j$. Let $\cap_p C_k$ be some type where none of the $C_k$ is an intersection type.

Case $\cap_n A_i \ll \cap_n A_i$: Trivial.

Case $\cap_m B_j \cap \cap_p C_k \ll \cap_m B_j$ and $\cap_p C_k \cap \cap_m B_j \ll \cap_m B_j$: Trivial.

Case $\cap_n A_i \ll \cap_p C_k$, $\cap_p C_k \ll \cap_m B_j$: Applying the i.h. a first time we have for each $B_j$ a $C_k$ s.t. $B_j = C_k$. Applying the i.h. again we have for each $C_k$ an $A_i$ s.t. $C_k = A_i$. Thus we can conclude.

Case $\cap_n A_i \ll B_1 \cap \ldots \cap B_k$, $\cap_n A_i \ll B_{k+1} \cap \ldots \cap B_m$: By the i.h. we have for each $B_j$, $1 \leq j \leq k$, a type $A_i$ s.t. $B_j = A_i$ and for each $B_j$, $k+1 \leq j \leq m$, a type $A_i$ s.t. $B_j = A_i$. Thus we can conclude. □
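Lemma 6.4 is in fact a decision procedure for $\ll$ in disguise: since only rule (2) removes conjuncts and rule (4) only rebuilds intersections on the right, $A \ll B$ holds exactly when every non-intersection conjunct of $B$ is syntactically one of the conjuncts of $A$. The following Python is an added example written for this page, not code from the paper; it represents types as tuples, implements that test, and returns the witnesses $i$ of Lemma 6.4. Note that arrow types are compared as whole syntactic objects, so the preorder has no contravariance and does not identify $(a \cap b) \to c$ with $(b \cap a) \to c$.

```python
# Added example (not from the paper): deciding the preorder ≪ of Definition 6.2.
# Types as tuples: ('atom', a) | ('arrow', A, B) | ('inter', A, B)

def components(t):
    """Flatten nested intersections into the list of non-intersection conjuncts
    (the A_i of Lemma 6.4).  Arrows are kept whole: they are compared syntactically."""
    if t[0] == 'inter':
        return components(t[1]) + components(t[2])
    return [t]

def sub(a, b):
    """A ≪ B.  Rules (1)-(4) generate exactly: every conjunct of B is a conjunct of A.
    (⇒: each rule preserves this inclusion; ⇐: rule (4) reduces to single conjuncts,
    which are reached from A by rules (2) and (3).)"""
    ca = components(a)
    return all(cb in ca for cb in components(b))

def atom(a):
    return ('atom', a)

def arrow(a, b):
    return ('arrow', a, b)

def inter(*ts):
    """A_1 ∩ ... ∩ A_n, right-nested, i.e. ∩_n A_i in the paper's notation."""
    t = ts[-1]
    for s in reversed(ts[:-1]):
        t = ('inter', s, t)
    return t

def lemma_6_4_witnesses(a, b):
    """For ∩_n A_i ≪ ∩_m B_j, return for each B_j (in order) an index i with B_j = A_i,
    as Lemma 6.4 promises; None when the subtyping does not hold."""
    if not sub(a, b):
        return None
    ca = components(a)
    return [ca.index(cb) for cb in components(b)]

def demo():
    """A few instances: (a∩b)∩c ≪ c∩a holds with witnesses [2, 0]; a ≪ a∩b does not."""
    a, b, c = atom('a'), atom('b'), atom('c')
    return (sub(inter(a, b, c), inter(c, a)),
            sub(a, inter(a, b)),
            sub(arrow(inter(a, b), c), arrow(inter(b, a), c)),
            lemma_6_4_witnesses(inter(a, b, c), inter(c, a)))
```

`demo()` returns `(True, False, False, [2, 0])`: the third value shows the purely syntactic treatment of arrows mentioned above, and the last value is the list of indices $i$ with $B_j = A_i$ that the Generation Lemma relies on in point (5).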

Lemma 6.5 (Generation Lemma).

(1) $\Gamma \vdash_\cap x : A$ iff there is $x : B \in \Gamma$ and $B \ll A$.

(2) $\Gamma \vdash_\cap t[x/u] : A$ iff there exist $A_i, B_i$ ($i \in \underline{n}$) s.t. $\cap_n A_i \ll A$ and $\forall i \in \underline{n}$, $\Gamma \vdash_\cap u : B_i$ and $\Gamma, x : B_i \vdash_\cap t : A_i$.

(3) $\Gamma \vdash_\cap tu : A$ iff there exist $A_i, B_i$ ($i \in \underline{n}$) s.t. $\cap_n A_i \ll A$ and $\forall i \in \underline{n}$, $\Gamma \vdash_\cap t : B_i \to A_i$ and $\Gamma \vdash_\cap u : B_i$.

(4) $\Gamma \vdash_\cap \lambda x.t : A$ iff there exist $A_i, B_i$ ($i \in \underline{n}$) s.t. $\cap_n (A_i \to B_i) \ll A$ and $\forall i \in \underline{n}$, $\Gamma, x : A_i \vdash_\cap t : B_i$.

(5) $\Gamma \vdash_\cap \lambda x.t : B \to C$ iff $\Gamma, x : B \vdash_\cap t : C$.

Proof. The right to left implications follow from the typing rules of the intersection type system $\cap$ and Lemma 6.3.

The left to right implications of the first four points are shown by induction on the typing derivation of the left part. We only show the first two points as the other ones are similar.

(1) Consider $\Gamma \vdash_\cap x : A$.

• Suppose the derivation is $(\mathsf{ax})$ so that $x : A \in \Gamma$; then $B = A$.

• Suppose $A = C_1 \cap C_2$ and the root of the derivation is
$$\frac{\Gamma \vdash x : C_1 \quad \Gamma \vdash x : C_2}{\Gamma \vdash x : C_1 \cap C_2}\ (\cap\mathsf{I})$$
By the i.h. there are $B_1 \ll C_1$ and $B_2 \ll C_2$ s.t. $x : B_1, x : B_2 \in \Gamma$, thus $B_1 = B_2$ and $B_1 \ll C_1 \cap C_2$ concludes the proof of this case.

• Suppose the root of the derivation is
$$\frac{\Gamma \vdash x : A \cap A'}{\Gamma \vdash x : A}\ (\cap\mathsf{E})$$
By the i.h. there is $B \ll A \cap A'$ s.t. $x : B \in \Gamma$. By transitivity $B \ll A$, which concludes the proof of this case.

• There is no other possible case.

(2) Consider $\Gamma \vdash_\cap t[x/u] : A$.

• Suppose the root of the derivation is
$$\frac{\Gamma \vdash u : B \quad \Gamma, x : B \vdash t : A}{\Gamma \vdash t[x/u] : A}\ (\mathsf{subs})$$
then the property immediately holds by taking $n = 1$, $B_1 = B$ and $A_1 = A$.

• Suppose $A = C_1 \cap C_2$ and the root of the derivation is
$$\frac{\Gamma \vdash t[x/u] : C_1 \quad \Gamma \vdash t[x/u] : C_2}{\Gamma \vdash t[x/u] : C_1 \cap C_2}\ (\cap\mathsf{I})$$
By the i.h. there are $A_i, B_i$ ($i \in \underline{n}$) s.t. $\cap_n A_i \ll C_1$ and $\Gamma \vdash_\cap u : B_i$ and $\Gamma, x : B_i \vdash_\cap t : A_i$ for all $i \in \underline{n}$. Also there are $A_i', B_i'$ ($i \in \underline{n'}$) s.t. $\cap_{n'} A_i' \ll C_2$ and $\Gamma \vdash_\cap u : B_i'$ and $\Gamma, x : B_i' \vdash_\cap t : A_i'$ for all $i \in \underline{n'}$. Since $\cap_n A_i \cap \cap_{n'} A_i' \ll C_1 \cap C_2$, this concludes this case.

• Suppose the root of the derivation is
$$\frac{\Gamma \vdash t[x/u] : A \cap B}{\Gamma \vdash t[x/u] : A}\ (\cap\mathsf{E})$$
By the i.h. there are $A_i, B_i$ ($i \in \underline{n}$) s.t. $\cap_n A_i \ll A \cap B$ and $\Gamma \vdash u : B_i$ and $\Gamma, x : B_i \vdash t : A_i$ for all $i \in \underline{n}$. Since $\cap_n A_i \ll A$ by transitivity, this concludes this case.

The left to right implication of point (5) follows from point (4) and Lemma 6.4. Indeed, if $\Gamma \vdash_\cap \lambda x.t : B \to C$, then point (4) gives $\Gamma, x : B_i \vdash_\cap t : C_i$ for $\cap_n (B_i \to C_i) \ll B \to C$. Lemma 6.4 gives $B \to C = B_j \to C_j$ for some $j \in \underline{n}$, thus $\Gamma, x : B \vdash_\cap t : C$. □

The rest of the section is now devoted to establishing some connections between typable and strongly normalisable terms in the $\lambda ex$-calculus.

Definition 6.6. The function $\mathsf{V}(\_)$ from terms to $\lambda$-terms is defined by induction as follows:

$$\begin{array}{rcl@{\qquad}rcl}
\mathsf{V}(x) & := & x & \mathsf{V}(tu) & := & \mathsf{V}(t)\,\mathsf{V}(u) \\
\mathsf{V}(\lambda x.t) & := & \lambda x.\mathsf{V}(t) & \mathsf{V}(t[x/u]) & := & (\lambda x.\mathsf{V}(t))\,\mathsf{V}(u)
\end{array}$$

This function is compositional with respect to substitution:

Lemma 6.7. Let $t, u$ be terms. Then $\mathsf{V}(t)\{x/\mathsf{V}(u)\} = \mathsf{V}(t\{x/u\})$.

Proof. By induction on $t$. □
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The function V(_) does not modify typability. 
Lemma 6.8. Let t be a term. Then T hp V(t) ■.AiffT'rnt:A. 

Proof. By induction on t using the Generation Lemma 16.51 □ 

Theorem 6.9 (Typable Terms are SN). If t is D-typable, then t € SAfxex- 

Proof. By Lemma 16.81 the A-term V(t) is also H-typable so that the left to right implication 
of Theorem 16.11 gives V(t) G SJ\ff3 and then the PSN Property (Theorem 13. 6p gives V(t) € 
SMx ex' Since V(t) >^ t (a straightforward induction on t), then t is necessarily in jSA/'abx' 

□ 

We now complete the picture by showing that the intersection type discipline for terms gives a characterisation of $\lambda ex$-strongly normalising terms.

Lemma 6.10. Let $t$ be a term s.t. $\mathsf{V}(t) \to_\beta t_1'$. Then there is $t_1$ s.t. $t \to^+_{\lambda ex} t_1$ and $t_1' = \mathsf{V}(t_1)$.

Proof. By induction on the reduction step $\mathsf{V}(t) \to_\beta t_1'$.

• If $\mathsf{V}((\lambda x.u)\,v) = (\lambda x.\mathsf{V}(u))\,\mathsf{V}(v) \to_\beta \mathsf{V}(u)\{x/\mathsf{V}(v)\}$, then let $t_1 = u\{x/v\}$. We have $(\lambda x.u)\,v \to_{\mathsf{B}} u[x/v] \to^*_{\mathsf{ex}} \text{(L. 2.2)}\ u\{x/v\}$ and we conclude by Lemma 6.7.

• If $\mathsf{V}(u[x/v]) = (\lambda x.\mathsf{V}(u))\,\mathsf{V}(v) \to_\beta \mathsf{V}(u)\{x/\mathsf{V}(v)\}$, then again we conclude by letting $t_1 = u\{x/v\}$.

• If $\mathsf{V}(u[x/v]) = (\lambda x.\mathsf{V}(u))\,\mathsf{V}(v) \to_\beta (\lambda x.u_1')\,\mathsf{V}(v)$, where $\mathsf{V}(u) \to_\beta u_1'$, then the i.h. gives $u_1$ s.t. $u_1' = \mathsf{V}(u_1)$ and $u \to^+_{\lambda ex} u_1$. Let $t_1 = u_1[x/v]$. We have $u[x/v] \to^+_{\lambda ex} u_1[x/v]$ and $(\lambda x.u_1')\,\mathsf{V}(v) = \mathsf{V}(u_1[x/v])$.

• If $\mathsf{V}(u[x/v]) = (\lambda x.\mathsf{V}(u))\,\mathsf{V}(v) \to_\beta (\lambda x.\mathsf{V}(u))\,v_1'$, where $\mathsf{V}(v) \to_\beta v_1'$, then proceed as in the previous case.

• All the other cases are straightforward. □

Theorem 6.11 (SN Terms are Typable). If $t \in \mathcal{SN}_{\lambda ex}$, then $t$ is $\cap$-typable.

Proof. Let $t \in \mathcal{SN}_{\lambda ex}$. One first shows that $\mathsf{V}(t) \in \mathcal{SN}_\beta$ by induction on $\eta_{\lambda ex}(t)$. This is done by considering all the $\beta$-reducts of $\mathsf{V}(t)$ and using Lemma 6.10.

Now, $\mathsf{V}(t) \in \mathcal{SN}_\beta$ implies that $\mathsf{V}(t)$ is $\cap$-typable by the right to left implication of Theorem 6.1. Finally, Lemma 6.8 allows us to conclude that $t$ is $\cap$-typable. □

Corollary 6.12. Let $t$ be a term. Then $t$ is $\cap$-typable iff $t \in \mathcal{SN}_{\lambda ex}$.

We conclude this section by focusing on the particular case of the simply typed $\lambda ex$-calculus: types are only built over atomic symbols and functional types, so that the type system only contains the typing rules $\{\mathsf{ax}, \mathsf{abs}, \mathsf{app}, \mathsf{subs}\}$ in Figure 3. Since every simply typed $\lambda$-term is $\beta$-strongly normalising (this is the restriction of the left to right implication of Theorem 6.1 to simple types), then in particular:

Corollary 6.13 (Simply Typed Terms are SN - First Proof). The simply typed $\lambda ex$-calculus is $\lambda ex$-strongly normalising.

This proof depends however on previous results by [Pot80]. Another self-contained argument can be given by means of the arithmetical technique [vD77], and is extremely short.

Lemma 6.14. If $t^A, u^B \in \mathcal{SN}_{\lambda ex}$, then $t\{x^B/u^B\} \in \mathcal{SN}_{\lambda ex}$.

Proof. By induction on the lexicographic triple $(B, \eta_{\lambda ex}(t), t)$, where types are ordered by the strict subterm relation and terms by size.

• $t = x$. Then $x\{x/u\} = u \in \mathcal{SN}_{\lambda ex}$ by the hypothesis.

• $t = y\,\overline{v_n}$ with $x \neq y$ and $n \geq 0$. The i.h. gives $v_i\{x/u\} \in \mathcal{SN}_{\lambda ex}$ since $\eta_{\lambda ex}(v_i) \leq \eta_{\lambda ex}(t)$ and $v_i$ is strictly smaller than $t$. Then we conclude by Definition 3.4 and Proposition 3.5.

• $t = x\,v\,\overline{v_n}$. The i.h. gives $V = v\{x/u\}$ and $V_i = v_i\{x/u\}$ in $\mathcal{SN}_{\lambda ex}$. We show $t\{x/u\} = u\,V\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$ by induction on $\eta_{\lambda ex}(u) + \eta_{\lambda ex}(V) + \sum_{i \in 1 \ldots n} \eta_{\lambda ex}(V_i)$. For that, it is sufficient to show that all its reducts are in $\mathcal{SN}_{\lambda ex}$. If the reduction takes place in a subterm of $u, V, \overline{V_n}$, then we conclude by the i.h. Otherwise, suppose $u = \lambda y.U$ and $(\lambda y.U)\,V\,\overline{V_n} \to_{\mathsf{B}} U[y/V]\,\overline{V_n}$. Then $\mathsf{type}(y) = \mathsf{type}(v) < \mathsf{type}(u) = \mathsf{type}(x)$ so that $U\{y/V\} \in \mathcal{SN}_{\lambda ex}$ by the i.h. Let us write $U\{y/V\}\,\overline{V_n} = (z\,\overline{V_n})\{z/U\{y/V\}\}$. We have $\mathsf{type}(U\{y/V\}) = \mathsf{type}(U) < \mathsf{type}(u)$ so that again by the i.h. we get $U\{y/V\}\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$. We conclude $U[y/V]\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$ by Definition 3.4 and Proposition 3.5.

• $t = \lambda y.v$. Then $v\{x/u\} \in \mathcal{SN}_{\lambda ex}$ by the i.h. and thus $t\{x/u\} = \lambda y.v\{x/u\} \in \mathcal{SN}_{\lambda ex}$ follows from Definition 3.4 and Proposition 3.5.

• $t = (\lambda y.s)\,v\,\overline{v_n}$. The i.h. gives $S = s\{x/u\}$, $V = v\{x/u\}$ and $V_i = v_i\{x/u\}$ in $\mathcal{SN}_{\lambda ex}$. To show $t\{x/u\} = (\lambda y.S)\,V\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$ we reason by induction on $\eta_{\lambda ex}(S) + \eta_{\lambda ex}(V) + \sum_{i \in 1 \ldots n} \eta_{\lambda ex}(V_i)$. For that, it is sufficient to show that all its reducts are in $\mathcal{SN}_{\lambda ex}$. If the reduction takes place in a subterm of $(\lambda y.S), V, \overline{V_n}$, we conclude by the i.h. Otherwise suppose $(\lambda y.S)\,V\,\overline{V_n} \to_{\mathsf{B}} S[y/V]\,\overline{V_n}$. Take $r = s[y/v]\,\overline{v_n}$. Since $\eta_{\lambda ex}(r) < \eta_{\lambda ex}(t)$, the i.h. gives $r\{x/u\} \in \mathcal{SN}_{\lambda ex}$. But $S[y/V]\,\overline{V_n} = r\{x/u\}$ so that $S[y/V]\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$.

• $t = s[y/v]\,\overline{v_n}$. The i.h. gives $S = s\{x/u\}$, $V = v\{x/u\}$ and $V_i = v_i\{x/u\}$ in $\mathcal{SN}_{\lambda ex}$. They are also typed. We claim $t\{x/u\} = S[y/V]\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$. The perpetual strategy gives
$$t\{x/u\} = S[y/V]\,\overline{V_n} \leadsto S\{y/V\}\,\overline{V_n}$$
This last term can be written as $T\{x/u\}$ where $T = s\{y/v\}\,\overline{v_n}$. Since $\eta_{\lambda ex}(T) < \eta_{\lambda ex}(t)$, the i.h. gives $T\{x/u\} \in \mathcal{SN}_{\lambda ex}$ and thus Theorem 3.3 gives $S[y/V]\,\overline{V_n} \in \mathcal{SN}_{\lambda ex}$. □

Corollary 6.15 (Simply Typed Terms are SN - Second Proof). The simply typed $\lambda ex$-calculus is $\lambda ex$-strongly normalising.

Proof. Let $t$ be a simply typed term. We reason by induction on the structure of $t$. The cases $t = x$ and $t = \lambda x.u$ are straightforward. If $t = uv$, then $u, v$ are typed so that $u, v \in \mathcal{SN}_{\lambda ex}$ by the i.h. We write $t = (zv)\{z/u\}$, where $zv$ is in $\mathcal{SN}_{\lambda ex}$ by Definition 3.4. The term $zv$ is also appropriately typed. Lemma 6.14 then gives $t \in \mathcal{SN}_{\lambda ex}$. If $t = u[x/v]$, then $u, v$ are typed and by the i.h. $u, v \in \mathcal{SN}_{\lambda ex}$ so that Lemma 6.14 gives $u\{x/v\} \in \mathcal{SN}_{\lambda ex}$. Definition 3.4 and Proposition 3.5 allow us to conclude $u[x/v] \in \mathcal{SN}_{\lambda ex}$. □

7. Deriving Strong Normalisation for Other Related Calculi 

We now informally discuss how strong normalisation of other calculi with ES (having or not safe composition) can be derived from strong normalisation of $\lambda ex$.

• The $\lambda x$-calculus [Lin86, Lin92, Ros92] is just a sub-calculus of $\lambda ex$, with no equation and no composition rule. Thus, the fact that $t \to_{\lambda x} t'$ implies $t \to_{\lambda ex} t'$ is straightforward. Since simply typed terms in both calculi are the same, we thus deduce that typed terms are $\lambda x$-strongly normalising.

• The $\lambda es$-calculus [Kes07] can be seen as a refinement of $\lambda ex$, where propagation of substitution with respect to application and substitution is done in a controlled way. We refer the reader to [Kes07] for details on the rules. The fact that $t \to_{\lambda es} t'$ implies $t \to^+_{\lambda ex} t'$ is straightforward. Simply typed terms in both calculi are the same, so we deduce that typed terms are $\lambda es$-strongly normalising.

• Milner's calculus with explicit partial substitution [Mil06], called $\lambda sub$, is able to encode the $\lambda$-calculus in terms of a bigraphical reactive system. The operational semantics of $\lambda sub$ is given by reduction rules which only propagate a substitution of the form $[x/u]$ to one occurrence of the variable $x$ at a time (see [Mil06] for details). In [KC] it is shown that there exists a translation $\mathsf{T}$ from $\lambda sub$-terms to terms such that $t \to_{\lambda sub} t'$ implies $\mathsf{T}(t) \to^+_{\lambda es} \mathsf{T}(t')$. Since simply typed terms in both calculi are the same, we conclude from the previous point that typed terms are $\lambda sub$-strongly normalising.

• A $\lambda$-calculus with implicit partial $\beta$-reduction appears in [dB87]. Its syntax is the one of the pure $\lambda$-calculus (so that there is no explicit substitution operator) and its semantics is similar to that of $\lambda sub$ since arguments are consumed on only one occurrence at a time. Similarly to [KC] one can define a translation $\mathsf{T}$ from $\lambda$-terms to terms such that one-step reduction in this calculus is projected into at least one-step reduction in $\lambda sub$. Since simply typed $\lambda$-terms translate to simply typed terms, typed $\lambda$-terms are strongly normalising in this calculus by the previous point.

• David and Guillaume [DG01] defined a calculus with labels, called $\lambda ws$, which allows controlled composition of ES without losing PSN. The calculus $\lambda ws$ has a strong form of composition which is safe but not full. Its simply typed named notation can be translated into simply typed terms in such a way that one-step reduction in $\lambda ws$ implies at least one-step reduction in $\lambda ex$. Thus, SN for typed terms in $\lambda ws$ is a consequence of SN for typed $\lambda ex$-terms.

• A calculus with a safe notion of composition in director string notation is defined in [SFM03]. The named version of this calculus can be understood as the $\lambda x$-calculus together with a composition rule of the form:
$$t[x/u][y/v] \to t[x/u[y/v]] \quad \text{if } y \in \mathsf{fv}(u) \text{ and } y \notin \mathsf{fv}(t)$$
This composition rule can be easily simulated by the rules $\mathsf{Comp}$ and $\mathsf{Gc}$ of the $\lambda ex$-calculus (the outer $[y/v]$ produced by $\mathsf{Comp}$ is garbage since $y \notin \mathsf{fv}(t)$), so that the whole calculus can be simulated by $\lambda ex$. As a consequence, simply typed terms turn out to be strongly normalising.

• The $\lambda esw$-calculus [Kes07] was used as a technical tool to show that $\lambda es$ enjoys PSN. The syntax extends terms with weakening constructors so that it is straightforward to define a translation $\mathsf{T}$ from $\lambda esw$-terms to terms which forgets these weakening operators. The reduction relation $\lambda esw$ can be split into an equational system $\mathcal{E}$ and two rewriting relations $\mathcal{L}_1$ and $\mathcal{L}_2$ s.t.

(1) If $t =_{\mathcal{E}} t'$ or $t \to_{\mathcal{L}_1} t'$ then $\mathsf{T}(t) =_{\mathsf{C}} \mathsf{T}(t')$

(2) If $t \to_{\mathcal{L}_2} t'$ then $\mathsf{T}(t) \to^+_{\lambda ex} \mathsf{T}(t')$

The reduction relation generated by the rules $\mathcal{L}_1$ modulo the equations $\mathcal{E}$ can be easily shown to be terminating. Also, simply typed $\lambda esw$-terms trivially translate via $\mathsf{T}$ to simply typed terms. Thus, the Abstract Theorem given in Appendix A allows us to conclude that typed $\lambda esw$-terms are $\lambda esw$-strongly normalising.

8. Confluence 

In this section we study confluence of the $\lambda ex$-calculus. More precisely, we show confluence of the relation $\to_{\lambda ex}$ on metaterms, which are terms containing metavariables denoting incomplete programs/proofs in a higher-order framework [Hue76]. Metavariables should come with a minimal amount of information to guarantee that some basic operations such as instantiation (replacement of metavariables by metaterms) are sound in a typing context. We thus specify metavariables as follows. We consider a countable set of raw metavariables, denoted $\mathsf{X}, \mathsf{Y}, \ldots$. To each raw metavariable $\mathsf{X}$ we associate a set of variables $\Delta$, thus yielding a decorated metavariable denoted by $\mathsf{X}_\Delta$. Thus for example $\mathsf{X}_{x,y,z}$ and $\mathsf{Y}_{x,z}$ are decorated metavariables. This decoration says nothing about the structure of the incomplete proof itself but is sufficient to guarantee that different occurrences of the same metavariable are never instantiated by different metaterms.

The set of metaterms is defined by the following grammar.

$$M ::= x \mid \mathsf{X}_\Delta \mid M\,M \mid \lambda x.M \mid M[x/M]$$

Notice that terms are in particular metaterms.

We extend the notion of free variables to metaterms by $\mathsf{fv}(\mathsf{X}_\Delta) := \Delta$. Thus, $\alpha$-conversion turns out to be perfectly well-defined on metaterms by extending the renaming of bound variables to the decoration sets. Thus for example $\lambda x.\mathsf{Y}_{x,y} =_\alpha \lambda z.\mathsf{Y}_{z,y}$.

Meta-substitution on metaterms extends that on terms by adding two new cases:

$$\begin{array}{rcll}
\mathsf{X}_\Delta\{x/v\} & := & \mathsf{X}_\Delta & \text{if } x \notin \Delta \\
\mathsf{X}_\Delta\{x/v\} & := & \mathsf{X}_\Delta[x/v] & \text{if } x \in \Delta
\end{array}$$

Lemma 8.1. Let $t, u$ be metaterms. Then $t\{x/u\} = t$ if $x \notin \mathsf{fv}(t)$.

Proof. By induction on $t$. □

The following property holds for metaterms.

Lemma 8.2 (Composition Lemma). Let $t, u, v$ be metaterms and let $x, y$ s.t. $x \neq y$ and $x \notin \mathsf{fv}(v)$. Then $t\{x/u\}\{y/v\} =_e t\{y/v\}\{x/u\{y/v\}\}$.

Proof. By induction on metaterms using Lemma 8.1. Notice that $=_e$ is needed for the case where $t$ is a metavariable, since the two sides are then $\mathsf{X}_\Delta[x/u][y/v]$ and $\mathsf{X}_\Delta[y/v][x/u\{y/v\}]$, which are only $\mathsf{C}$-equivalent when $y \notin \mathsf{fv}(u)$. □

Reduction on metaterms must be understood in the same way as reduction on terms: the $\lambda ex$-relation is generated by the $\to_{\mathsf{Bx}}$-reduction relation on $e$-equivalence classes of metaterms.

Reduction on terms and metaterms enjoys stability by substitution and full composition.

Lemma 8.3 (Stability of Reduction of Metaterms by Substitution). Let $t, u$ be metaterms. For $\mathcal{R} \in \{\mathsf{x}, \mathsf{ex}, \lambda\mathsf{x}, \lambda ex\}$, if $t \to_{\mathcal{R}} t'$, then $u\{x/t\} \to^*_{\mathcal{R}} u\{x/t'\}$ and $t\{x/u\} \to_{\mathcal{R}} t'\{x/u\}$. Thus in particular $t\{x/u\} \in \mathcal{SN}_{\mathcal{R}}$ implies $t \in \mathcal{SN}_{\mathcal{R}}$.

Proof. By induction on $t \to_{\mathcal{R}} t'$. □

Lemma 8.4 (Full Composition for Metaterms). Let $t, u$ be metaterms. Then $t[x/u] \to^*_{\mathsf{ex}} t\{x/u\}$.

Proof. The proof can be done by induction on $t$ using Lemma 8.1. In contrast to full composition on terms (Lemma 2.2), the property holds with an equality for the base case $t = \mathsf{X}_\Delta$ with $x \in \Delta$ since $\mathsf{X}_\Delta[x/u] = \mathsf{X}_\Delta\{x/u\}$. □
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It is well-known that confluence on metaterms fails for calculi without composition for 
ES as for example the following critical pair in the Ax-calculus shows 

s = t[x/u\[y/v] *^ {{Xx.t) u)[y/v] t[y/v][x/u[y/v]] = s' 

Indeed, while this diagram can be closed in Ax for terms without metavariables |BR95j . 
there is no way to find a common reduct between s and s' whenever t is (or contains) 
metavariables: no Ax-reduction rule is able to mimic composition on raw/decorated metavari- 
ables. Fortunately, this diagram can be closed in the Aex-calculus as follows. If y G fv{u), 
then s ^comp s', otherwise s' (^.[831 t[y/v][x/u{y/v}] =(^l.\83 t[y/v][x/u] =c s'. 

We now develop a confluence proof for metaterms which is based on the existence of a 
mapping allowing to verify the Z-property as stated by van Oostrom jvO] . 

Definition 8.5 (Z-Property). A map ° from terms to terms satisfies the Z-property for a 
reduction relation ^-ji iff t -^-ji u implies u t° and t° u° . A reduction relation ^-ji 
has the Z-property if there is a map which satisfies the Z-property for — >7^. 

It turns out |vOj that —5-7^ is confluent if it has the Z-property (see Theorem lA.ll in the 
Appendix|A]), so to show confluence of Aex it is then sufficient to define a map on metaterms 
satisfaying the Z-property. Such a map can be defined in terms of the superdevelopment 
function for the A-calculus |Acz781 lvR93| . 

Definition 8.6 (Superdevelopment Function). The function $\_^\circ$ on metaterms is defined by induction as follows:

$$\begin{array}{rcll}
\mathsf{X}_\Delta^\circ & := & \mathsf{X}_\Delta & \\
x^\circ & := & x & \\
(\lambda x.t)^\circ & := & \lambda x.t^\circ & \\
(tu)^\circ & := & t^\circ u^\circ & \text{if } t^\circ \text{ is not an abstraction} \\
(tu)^\circ & := & v\{x/u^\circ\} & \text{if } t^\circ = \lambda x.v \\
t[x/u]^\circ & := & t^\circ\{x/u^\circ\} &
\end{array}$$

Notice that $\mathsf{fv}(t^\circ) \subseteq \mathsf{fv}(t)$.
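The definitions of this section, together with the $\mathsf{xc}$ and $\mathsf{U}$ maps of Section 5, all rest on the meta-substitution $t\{x/u\}$, so they are best seen side by side in one piece of executable code. The following Python is an added example written for this page, not code from the paper: metaterms (and labelled terms) are nested tuples, `subst` is capture-avoiding meta-substitution with the two new metavariable cases of Section 8, `superdev` is the function $\_^\circ$ of Definition 8.6, and `xc` and `unlabel` are $\mathsf{xc}$ and $\mathsf{U}$ of Section 5. The tuple encoding, the tag names and the fresh-variable scheme for $\alpha$-renaming are choices of this example; the decoration of a metavariable is a `frozenset` of variable names.

```python
# Added example (not from the paper): meta-substitution on metaterms, the
# superdevelopment t°, and the Section 5 maps xc and U, all on one tuple syntax:
#   ('var', x) | ('mvar', 'X', frozenset({...}))        -- x, X_Δ
#   ('app', t, u) | ('lam', x, t) | ('sub', t, x, u)    -- tu, λx.t, t[x/u]
#   ('lsub', t, x, u)                                   -- t⟦x/u⟧ (u an ordinary term)
import itertools
_fresh = itertools.count()     # counter for α-renaming binders that would capture

def fv(t):
    tag = t[0]
    if tag == 'var':  return {t[1]}
    if tag == 'mvar': return set(t[2])            # fv(X_Δ) := Δ
    if tag == 'app':  return fv(t[1]) | fv(t[2])
    if tag == 'lam':  return fv(t[2]) - {t[1]}
    return (fv(t[1]) - {t[2]}) | fv(t[3])         # t[x/u] and t⟦x/u⟧ bind x in t only

def subst(t, x, v):
    """Capture-avoiding t{x/v}.  X_Δ{x/v} is X_Δ if x ∉ Δ and X_Δ[x/v] if x ∈ Δ."""
    tag = t[0]
    if tag == 'var':
        return v if t[1] == x else t
    if tag == 'mvar':
        return ('sub', t, x, v) if x in t[2] else t
    if tag == 'app':
        return ('app', subst(t[1], x, v), subst(t[2], x, v))
    if tag == 'lam':
        y, body = t[1], t[2]
        if y == x or x not in fv(body):           # x bound here or absent: Lemma 8.1
            return t
        if y in fv(v):                            # λy.body =α λy'.body{y/y'}, y' fresh
            y2 = f"{y}_{next(_fresh)}"
            body, y = subst(body, y, ('var', y2)), y2
        return ('lam', y, subst(body, x, v))
    body, y, u = t[1], t[2], t[3]                 # t[y/u]{x/v} = t{x/v}[y/u{x/v}]
    u = subst(u, x, v)
    if y != x and x in fv(body):
        if y in fv(v):
            y2 = f"{y}_{next(_fresh)}"
            body, y = subst(body, y, ('var', y2)), y2
        body = subst(body, x, v)
    return (tag, body, y, u)

def superdev(t):
    """t° of Definition 8.6: contracts all redexes of t plus those created by
    substituting already-developed arguments, but not redexes created by the
    substitution of a developed function body (see the example below)."""
    tag = t[0]
    if tag in ('var', 'mvar'):
        return t
    if tag == 'lam':
        return ('lam', t[1], superdev(t[2]))
    if tag == 'app':
        f, a = superdev(t[1]), superdev(t[2])
        if f[0] == 'lam':                         # (tu)° := v{x/u°} when t° = λx.v
            return subst(f[2], f[1], a)
        return ('app', f, a)
    return subst(superdev(t[1]), t[2], superdev(t[3]))   # t[x/u]° := t°{x/u°}

def xc(t):
    """Section 5: xc computes every labelled substitution and keeps the others."""
    tag = t[0]
    if tag in ('var', 'mvar'): return t
    if tag == 'app': return ('app', xc(t[1]), xc(t[2]))
    if tag == 'lam': return ('lam', t[1], xc(t[2]))
    if tag == 'sub': return ('sub', xc(t[1]), t[2], xc(t[3]))
    return subst(xc(t[1]), t[2], t[3])            # xc(t⟦x/u⟧) := xc(t){x/u}

def unlabel(t):
    """Definition 5.5: U(t⟦x/u⟧) := U(t)[x/u]; homomorphic elsewhere."""
    tag = t[0]
    if tag in ('var', 'mvar'): return t
    if tag == 'app': return ('app', unlabel(t[1]), unlabel(t[2]))
    if tag == 'lam': return ('lam', t[1], unlabel(t[2]))
    body, x, u = t[1], t[2], t[3]
    return ('sub', unlabel(body), x, u if tag == 'lsub' else unlabel(u))

def examples():
    """((λx.xx)(λy.y))° = (λy.y)(λy.y), and ((λx.X_{x,y}) z)° = X_{x,y}[x/z]."""
    I = ('lam', 'y', ('var', 'y'))
    omega_like = ('app', ('lam', 'x', ('app', ('var', 'x'), ('var', 'x'))), I)
    X = ('mvar', 'X', frozenset({'x', 'y'}))
    return superdev(omega_like), superdev(('app', ('lam', 'x', X), ('var', 'z')))
```

The first value returned by `examples()` is the application $(\lambda y.y)(\lambda y.y)$: the redex that the substitution $\{x/\lambda y.y\}$ creates inside the body $xx$ is not contracted by one superdevelopment, which is exactly why the Z-property needs both $u \to^* t^\circ$ and $t^\circ \to^* u^\circ$ rather than a single step. The second value is $\mathsf{X}_{x,y}[x/z]$, the equality case of Lemma 8.4, whereas a metavariable not decorated with $x$ would be returned unchanged.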

Lemma 8.7. Let $t, u$ be metaterms. Then $t^\circ u^\circ \to^*_{\lambda ex} (tu)^\circ$.

Proof. If $t^\circ$ is not an abstraction, then $t^\circ u^\circ = (tu)^\circ$. If $t^\circ = \lambda y.s$, then $t^\circ u^\circ = (\lambda y.s)\,u^\circ \to_{\mathsf{B}} s[y/u^\circ] \to^*_{\mathsf{ex}} \text{(L. 8.4)}\ s\{y/u^\circ\} = (tu)^\circ$. □

Lemma 8.8. Let $t, u$ be metaterms. Then $t^\circ\{x/u^\circ\} \to^*_{\lambda ex} t\{x/u\}^\circ$.

Proof. The proof is by induction on $t$. Suppose $t = vw$.

• If $v^\circ$ is not an abstraction, then
$$(vw)^\circ\{x/u^\circ\} = v^\circ\{x/u^\circ\}\,w^\circ\{x/u^\circ\} \to^*_{\lambda ex} \text{(i.h.)}\ v\{x/u\}^\circ\,w\{x/u\}^\circ \to^*_{\lambda ex} \text{(L. 8.7)}\ (vw)\{x/u\}^\circ$$

• If $v^\circ = \lambda z.r$, then the i.h. gives $v^\circ\{x/u^\circ\} = (\lambda z.r)\{x/u^\circ\} \to^*_{\lambda ex} v\{x/u\}^\circ$ so that $v\{x/u\}^\circ = \lambda z.s$ where $r\{x/u^\circ\} \to^*_{\lambda ex} s$. As a consequence,
$$\begin{array}{rcl}
(vw)^\circ\{x/u^\circ\} & = & r\{z/w^\circ\}\{x/u^\circ\} \\
& =_e & \text{(L. 8.2)}\ r\{x/u^\circ\}\{z/w^\circ\{x/u^\circ\}\} \\
& \to^*_{\lambda ex} & \text{(L. 8.3)}\ s\{z/w^\circ\{x/u^\circ\}\} \\
& \to^*_{\lambda ex} & \text{(i.h. \& L. 8.3)}\ s\{z/w\{x/u\}^\circ\} \\
& = & (v\{x/u\}\,w\{x/u\})^\circ \\
& = & (vw)\{x/u\}^\circ
\end{array}$$

The case $t = v[y/w]$ also uses the i.h. and Lemma 8.2. All the other cases are straightforward. □

Lemma 8.9. Let $t$ be a metaterm. Then $t \to^*_{\lambda ex} t^\circ$.

Proof. By induction on $t$. The interesting cases are the following ones.

• $t = uv$: Then $uv \to^*_{\lambda ex} \text{(i.h.)}\ u^\circ v^\circ \to^*_{\lambda ex} \text{(L. 8.7)}\ (uv)^\circ = t^\circ$.

• $t = u[x/v]$: Then $u[x/v] \to^*_{\lambda ex} \text{(i.h.)}\ u^\circ[x/v^\circ] \to^*_{\mathsf{ex}} \text{(L. 8.4)}\ u^\circ\{x/v^\circ\} = t^\circ$.

All the other cases are straightforward. □
Lemma 8.10 (Towards the Z-Property). Let $t, u$ be metaterms. If $t \to_{\mathsf{Bx}} u$, then $u \to^*_{\lambda ex} t^\circ \to^*_{\lambda ex} u^\circ$.

Proof. By induction on $t \to_{\mathsf{Bx}} u$.

• If $t = \lambda x.r \to_{\mathsf{Bx}} \lambda x.s = u$, where $r \to_{\mathsf{Bx}} s$, then the property holds by the i.h.

• If $t = r[x/v] \to_{\mathsf{Bx}} s[x/v] = u$, where $r \to_{\mathsf{Bx}} s$, then
$$u = s[x/v] \to^*_{\lambda ex} \text{(i.h.)}\ r^\circ[x/v] \to^*_{\lambda ex} \text{(L. 8.9)}\ r^\circ[x/v^\circ] \to^*_{\mathsf{ex}} \text{(L. 8.4)}\ r^\circ\{x/v^\circ\} = t^\circ \to^*_{\lambda ex} \text{(i.h. \& L. 8.3)}\ s^\circ\{x/v^\circ\} = s[x/v]^\circ = u^\circ$$

• If $t = v[x/r] \to_{\mathsf{Bx}} v[x/s] = u$, where $r \to_{\mathsf{Bx}} s$, then proceed as in the previous case.

• If $t = rv \to_{\mathsf{Bx}} sv = u$, where $r \to_{\mathsf{Bx}} s$, then $sv \to^*_{\lambda ex} \text{(i.h.)}\ r^\circ v \to^*_{\lambda ex} \text{(L. 8.9)}\ r^\circ v^\circ \to^*_{\lambda ex} \text{(L. 8.7)}\ (rv)^\circ$. For the second part of the statement there are two cases:

  – If $r^\circ$ is not an abstraction, then $(rv)^\circ = r^\circ v^\circ \to^*_{\lambda ex} \text{(i.h.)}\ s^\circ v^\circ \to^*_{\lambda ex} \text{(L. 8.7)}\ (sv)^\circ$.

  – If $r^\circ = \lambda z.w$, then the i.h. $r^\circ \to^*_{\lambda ex} s^\circ$ implies $s^\circ = \lambda z.q$, where $w \to^*_{\lambda ex} q$. We conclude with $(rv)^\circ = w\{z/v^\circ\} \to^*_{\lambda ex} \text{(L. 8.3)}\ q\{z/v^\circ\} = (sv)^\circ$.

• If $t = vr \to_{\mathsf{Bx}} vs = u$, where $r \to_{\mathsf{Bx}} s$, then $vs \to^*_{\lambda ex} \text{(i.h.)}\ v\,r^\circ \to^*_{\lambda ex} \text{(L. 8.9)}\ v^\circ r^\circ \to^*_{\lambda ex} \text{(L. 8.7)}\ (vr)^\circ$. For the second part of the statement there are two cases:

  – If $v^\circ$ is not an abstraction, then $(vr)^\circ = v^\circ r^\circ \to^*_{\lambda ex} \text{(i.h.)}\ v^\circ s^\circ = (vs)^\circ$.

  – If $v^\circ = \lambda y.w$, then $(vr)^\circ = w\{y/r^\circ\} \to^*_{\lambda ex} \text{(i.h. \& L. 8.3)}\ w\{y/s^\circ\} = (vs)^\circ$.

• If $t = x[x/v] \to_{\mathsf{Var}} v = u$, then $t^\circ = x\{x/v^\circ\} = v^\circ$. We conclude since $v \to^*_{\lambda ex} v^\circ$ holds by Lemma 8.9.

• If $t = r[x/v] \to_{\mathsf{Gc}} r = u$ (so $x \notin \mathsf{fv}(r)$), then $r[x/v]^\circ = r^\circ\{x/v^\circ\} =_{\text{(L. 8.1)}} r^\circ$. We conclude since $r \to^*_{\lambda ex} r^\circ$ holds by Lemma 8.9.

• If $t = (rs)[x/v] \to_{\mathsf{App}} r[x/v]\,s[x/v] = u$, then
$$u = r[x/v]\,s[x/v] \to^*_{\lambda ex} \text{(L. 8.9)}\ r^\circ[x/v^\circ]\,s^\circ[x/v^\circ] \to^*_{\mathsf{ex}} \text{(L. 8.4)}\ r^\circ\{x/v^\circ\}\,s^\circ\{x/v^\circ\} \to^*_{\lambda ex} (rs)^\circ\{x/v^\circ\} = (rs)[x/v]^\circ = t^\circ$$
where the last reduction is an equality if $r^\circ$ is not an abstraction and otherwise, for $r^\circ = \lambda y.q$, a $\mathsf{B}$-step followed by Lemma 8.4 and Lemma 8.2 exactly as in the proof of Lemma 8.7. For the second part there are two cases.

  – If $r^\circ$ is not an abstraction, then
$$t^\circ = r^\circ\{x/v^\circ\}\,s^\circ\{x/v^\circ\} = r[x/v]^\circ\,s[x/v]^\circ \to^*_{\lambda ex} \text{(L. 8.7)}\ (r[x/v]\,s[x/v])^\circ = u^\circ$$

  – If $r^\circ = \lambda y.q$, then $r[x/v]^\circ = \lambda y.q\{x/v^\circ\}$, so that
$$\begin{array}{rcl}
t^\circ & = & (rs)[x/v]^\circ = (rs)^\circ\{x/v^\circ\} \\
& = & q\{y/s^\circ\}\{x/v^\circ\} \\
& =_e & \text{(L. 8.2)}\ q\{x/v^\circ\}\{y/s^\circ\{x/v^\circ\}\} \\
& = & q\{x/v^\circ\}\{y/s[x/v]^\circ\} \\
& = & (r[x/v]\,s[x/v])^\circ = u^\circ
\end{array}$$

• If $t = (\lambda y.r)[x/v] \to_{\mathsf{Lamb}} \lambda y.r[x/v] = u$, then $(\lambda y.r)[x/v]^\circ = \lambda y.r^\circ\{x/v^\circ\}$. We have
$$u = \lambda y.r[x/v] \to^*_{\lambda ex} \text{(L. 8.9)}\ \lambda y.r^\circ[x/v^\circ] \to^*_{\mathsf{ex}} \text{(L. 8.4)}\ \lambda y.r^\circ\{x/v^\circ\} = t^\circ = u^\circ$$

• If $t = r[x/v][y/w] \to_{\mathsf{Comp}} r[y/w][x/v[y/w]] = u$ (so $y \in \mathsf{fv}(v)$), then
$$u = r[y/w][x/v[y/w]] \to^*_{\lambda ex} \text{(L. 8.9)}\ r^\circ[y/w^\circ][x/v^\circ[y/w^\circ]] \to^*_{\mathsf{ex}} \text{(L. 8.4)}\ r^\circ\{y/w^\circ\}\{x/v^\circ\{y/w^\circ\}\} =_e \text{(L. 8.2)}\ r^\circ\{x/v^\circ\}\{y/w^\circ\} = t^\circ$$
Since $u^\circ = r^\circ\{y/w^\circ\}\{x/v^\circ\{y/w^\circ\}\}$, we have $t^\circ \to^*_{\lambda ex} u^\circ$ as well (the two are $e$-equivalent). □

Lemma 8.11. Let t, u be metaterms s.t. $t =_e u$. Then,

• If $r =_e s$, then $t\{x/r\} =_e u\{x/s\}$.

• $t^\circ =_e u^\circ$.

Proof. Suppose $t =_e u$ holds in n steps. Both properties can be simultaneously proved by induction on the lexicographic pair (n, t). □

Corollary 8.12 (Z-Property). Let t, u be metaterms. If $t \to_{\lambda ex} u$, then $u \to^*_{\lambda ex} t^\circ \to^*_{\lambda ex} u^\circ$.

Proof. Let $t =_e r \to_{Bx} s =_e u$. By Lemma 8.10, $s \to^*_{\lambda ex} r^\circ \to^*_{\lambda ex} s^\circ$, and by Lemma 8.11, $t^\circ =_e r^\circ$ and $s^\circ =_e u^\circ$. Since $\to_{\lambda ex}$ works modulo $=_e$, we thus conclude $u \to^*_{\lambda ex} t^\circ \to^*_{\lambda ex} u^\circ$. □

Corollary 8.13 (Confluence). The reduction relation $\to_{\lambda ex}$ is confluent on metaterms.

Proof. Corollary 8.12 guarantees the Z-property. We conclude by Theorem A.1 in Appendix A. □
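As an added illustration, not part of the original paper, the following computation shows Lemma 8.10 and Corollary 8.12 at work on one concrete term, and how the Z-property then closes a diverging pair of steps as in Theorem A.1. The term is chosen here for the purpose; the computation uses only the clauses of the map $\_^\circ$ that the proofs above rely on ($x^\circ = x$, $(\lambda x.t)^\circ = \lambda x.t^\circ$, $(tu)^\circ = t^\circ u^\circ$ if $t^\circ$ is not an abstraction, $(tu)^\circ = w\{z/u^\circ\}$ if $t^\circ = \lambda z.w$, and $t[x/u]^\circ = t^\circ\{x/u^\circ\}$) and the rules of $\to_{Bx}$.

\[
t = ((\lambda x.xx)\,y)[y/z], \qquad
t^\circ = ((\lambda x.xx)\,y)^\circ\{y/z\} = (xx)\{x/y\}\{y/z\} = zz,
\]
since $(\lambda x.xx)^\circ = \lambda x.xx$ is an abstraction. Two different $Bx$-steps leave $t$:
\[
t \to_{B} (xx)[x/y][y/z] = u_1, \qquad t \to_{App} (\lambda x.xx)[y/z]\ y[y/z] = u_2.
\]
Both reducts reach $t^\circ$, as Lemma 8.10 predicts (the Gc-step below is legal because $y \notin fv(\lambda x.xx)$):
\[
\begin{array}{l}
u_1 = (xx)[x/y][y/z] \to_{App} (x[x/y]\ x[x/y])[y/z] \to_{Var} \to_{Var} (yy)[y/z] \to_{App} y[y/z]\ y[y/z] \to_{Var} \to_{Var} zz = t^\circ \\[3pt]
u_2 = (\lambda x.xx)[y/z]\ y[y/z] \to_{Gc} (\lambda x.xx)\ y[y/z] \to_{Var} (\lambda x.xx)\ z \to_{B} (xx)[x/z] \to_{App} x[x/z]\ x[x/z] \to_{Var} \to_{Var} zz = t^\circ
\end{array}
\]
Moreover $u_1^\circ = (xx)^\circ\{x/y\}\{y/z\} = zz$ and $u_2^\circ = (xx)\{x/(y[y/z])^\circ\} = (xx)\{x/z\} = zz$, so $t^\circ \to^*_{\lambda ex} u_1^\circ$ and $t^\circ \to^*_{\lambda ex} u_2^\circ$ hold in zero steps. In particular $t^\circ = zz$ is a common reduct of $u_1$ and $u_2$, which is exactly how the Z-property closes a diverging pair of reductions in the proof of Theorem A.1.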



9. Conclusion 

We propose a simple syntax in named variable notation to model a calculus with explicit
substitutions enjoying good properties, especially confluence on metaterms, preservation of
β-strong normalisation, strong normalisation of typed terms and implementation of full
composition.

A simple perpetual strategy is defined for calculi with ES enjoying full composition
in a modular way. This strategy is used to provide an inductive definition of SN terms
which is then used to prove that untyped terms enjoy PSN. The inductive characterisation
of SN terms and the PSN theorem are really modular with respect to other proofs in the
literature [LLD+04, Bon01b], especially because we make intensive use of two abstract
properties: full composition and the IE property. Last but not least, our development
is direct, since it is not based on similar properties for other related calculi, and has a
constructive style, since no classical axiom seems to be needed.
Some remarks about the application of this modular method to other calculi with ES
might be interesting. On the one hand, the technology presented in this paper has been success-
fully applied to other calculi with explicit substitutions enjoying full composition [KR09,
AG09]. On the other hand, full composition alone is not sufficient to achieve the SN
proof, otherwise the λσ-calculus [ACCL91], which is known not to be strongly normal-
ising [Mel95], could be treated. Indeed, our strategy is not perpetual for λσ: Melliès'
counter-example is based on an infinite λσ-reduction sequence starting from a simply typed
term which is not reached by our perpetual strategy. In other words, the strategy is incomplete for
λσ. The definition of a perpetual strategy for λσ remains open.

We believe that a de Bruijn or nominal version of λex could be useful in real imple-
mentations. In the first case, this could be achieved by using for example λσ⇑ technology
(so that equation C can be eliminated) together with some control of composition needed
to guarantee strong normalisation.

Another interesting issue is the extension of Pure Type Systems (PTS) with ES in
order to improve the understanding of logical systems used in theorem provers. Work done
in this direction is based on sequent calculi [LDM06] or natural deduction [Muñ01]. The
main contribution of λex with respect to the formalisms previously mentioned would be the
safe notion of full composition.
Appendix A. Abstract Reduction Results

Theorem A.1 (Z implies Confluence). If $\to_R$ has the Z-property, then $\to_R$ is confluent.

Proof. We give a proof following the picture appearing in [vO], which proceeds in several
steps. Suppose that $\_^\circ$ is some map satisfying the Z-property for $\to_R$.

(1) Define $a^* := a$ if a is in R-normal form, $a^* := a^\circ$ otherwise.

(2) Prove that $\_^*$ also satisfies the Z-property for $\to_R$.

Proof. If $a \to_R b$, then $b \to^*_R a^\circ \to^*_R b^\circ$ by the hypothesis and $a^* = a^\circ$ by Point (1),
so that $b \to^*_R a^*$. If b is an R-normal form, then $b^* = b = a^\circ = a^*$ so that $a^* \to^*_R b^*$. If
b is not an R-normal form, then $b^* = b^\circ$ so that also $a^* = a^\circ \to^*_R b^\circ = b^*$.

(3) Prove that $a \to^*_R a^*$.

Proof. If a is an R-normal form, then $a^* = a$ so we are done. Otherwise, there is b
such that $a \to_R b$, so that Point (2) gives $b \to^*_R a^*$ and thus $a \to^*_R a^*$.

(4) Prove that $a \to^*_R b$ implies $a^* \to^*_R b^*$.

Proof. By induction on the number n of steps from a to b. If n = 0, then a = b and
$a^* = b^*$. If n > 0, then $a \to_R c \to^*_R b$, where $c \to^*_R b$ holds in n − 1 steps. Point (2) and
the i.h. give $a^* \to^*_R c^* \to^*_R b^*$.

(5) Conclude confluence of $\to_R$.

Proof. Let $t \to^*_R t_1$ and $t \to^*_R t_2$. We want to show that there is $t_3$ such that $t_1 \to^*_R t_3$
and $t_2 \to^*_R t_3$. We proceed by induction on the number n of steps from t to $t_2$. If n = 0,
then $t = t_2$ and we take $t_3 = t_1$ so we are done. If n > 0, then $t \to_R u \to^*_R t_2$, with
n − 1 steps from u to $t_2$. By Point (2) $u \to^*_R t^*$ and by Point (4) $t^* \to^*_R t_1^*$ so that
$u \to^*_R t_1^*$. By Point (3) $t_1 \to^*_R t_1^*$. Now, $u \to^*_R t_1^*$ and $u \to^*_R t_2$ holds in n − 1 steps so
we close the diagram by the i.h. □

Theorem A.2 (Modular Strong Normalisation). Let $A_1$ and $A_2$ be two reduction relations
on s and let A be a reduction relation on S. Let $R \subseteq s \times S$. Suppose

P1: For every u, v, U ($u\,R\,U$ and $u\,A_1\,v$ imply $\exists V$ s.t. $v\,R\,V$ and $U\,A^*\,V$).

P2: For every u, v, U ($u\,R\,U$ and $u\,A_2\,v$ imply $\exists V$ s.t. $v\,R\,V$ and $U\,A^+\,V$).

P3: The relation $A_1$ is well-founded.

Then, $t\,R\,T$ and $T \in SN_A$ imply $t \in SN_{A_1 \cup A_2}$.

Proof. A constructive proof of this theorem can be found as Corollary 26 of [Len06]. A
proof by contradiction can be easily done as follows. Suppose $t \notin SN_{A_1 \cup A_2}$. Then, there is
an infinite $A_1 \cup A_2$-reduction sequence starting at t, and since $A_1$ is a well-founded relation
by P3, this reduction sequence contains infinitely many $A_2$-steps and has necessarily the form
\[
t \to^*_{A_1} t_1 \to_{A_2} t_2 \to^*_{A_1} t_3 \to_{A_2} \cdots
\]
By P1 and P2 it can be projected, starting from T, into an A-reduction sequence in which every $A_1$-step contributes zero or more A-steps and every $A_2$-step contributes at least one; this projected sequence is therefore infinite.
We thus get a contradiction with the fact that $T \in SN_A$. □